Best cipher restriction settings BEAST/LOGJAM/SWEET32

This post has NOT been accepted by the mailing list yet.
Hello everybody,

I'm trying to figure out what could be the best setup to adopt for the cipher restriction argument in order to solve some flaws we still have open.

I thought I could resolve most of the vulnerabilities by upgrading to the latest version of OpenSSL (I have a test environment), but the tests performed showed that it was not like this.

Indeed, even though I updated to OpenSSL 1.1.0b  26 Sep 2016, which claims to have removed all DES vulnerable ciphers, I'm still able to perform an openssl s_client connection to my rabbitmq server using, for example, DES-CBC3-SHA.

The weird thing is that some of the 3DES ciphers of the encryption family were disabled and the handshake did not happen.

I'm not sure how to approach this situation; I thought RMQ Erlang sticks with the openssl version, which is the reason I should have all the DES/3DES ciphers removed.

What are your thoughts on this? Thank you all.
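
As an added example (not part of the original post), the following script sorts suites listed in `openssl ciphers -v` format by the three issues named in the subject line, so a candidate cipher restriction can be checked before it is deployed. The function names and the sample lines are constructed for illustration, and the LOGJAM check covers export-grade DHE only.

```python
import re
import sys

# Names as they appear in the Enc= column of `openssl ciphers -v`.
BLOCK64 = {"DES", "3DES", "IDEA", "RC2"}            # 64-bit block size
CBC_ALGS = BLOCK64 | {"AES", "CAMELLIA", "SEED"}    # CBC unless Mac=AEAD
FIELD = re.compile(r"\b(Kx|Au|Enc|Mac)=(\S+)")


def classify(line):
    """Return (suite_name, sorted list of attack labels) or None for junk."""
    parts = line.split()
    fields = dict(FIELD.findall(line))
    if len(parts) < 2 or "Enc" not in fields:
        return None
    name, proto = parts[0], parts[1]
    enc = fields["Enc"].split("(")[0].upper()
    kx = fields.get("Kx", "").split("(")[0]
    labels = set()
    if enc in BLOCK64:
        labels.add("SWEET32")
    # Export-grade DHE only; a weak DH group on a non-export DHE suite
    # cannot be seen from the cipher list and needs a live handshake.
    if kx == "DH" and "export" in parts[2:]:
        labels.add("LOGJAM")
    # BEAST needs a CBC suite negotiated under SSLv3/TLS 1.0.
    if enc in CBC_ALGS and fields.get("Mac") != "AEAD" and proto in ("SSLv3", "TLSv1"):
        labels.add("BEAST")
    return name, sorted(labels)


def audit(text):
    """Map suite name -> labels for every flagged line in `text`."""
    rows = (classify(l) for l in text.splitlines())
    return {n: labs for n, labs in (r for r in rows if r) if labs}


# Constructed sample in `openssl ciphers -v` format, not output from the post.
SAMPLE = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
"""

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for suite, labels in audit(data).items():
        print(f"{suite:28} {', '.join(labels)}")
```

Piping the output of `openssl ciphers -v` for a candidate cipher string into the script lists the suites that string would still allow under each label.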