For VIOM, vulnerable SSL/TLS Ciphers reported for port 5634.


Article ID: 100064584

Description

Error Message

A port scan of the VIOM host lists the cipher suites offered on port 5634. The four suites that the security scan reports as weak are among them, although nmap's own grade for every suite is A; the scanner's finding is based on the suite properties (see Cause), not on nmap's grading.

# nmap -sV --script ssl-enum-ciphers -p 5634 viom.VRTS.local

Starting Nmap 7.92 ( https://nmap.org ) at 2024-03-26 04:35 PDT
Nmap scan report for viom.VRTS.local (x.x.x.x)
Host is up (0.000081s latency).

PORT     STATE SERVICE   VERSION
5634/tcp open  ssl/wsman Openwsman
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: A

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.23 seconds


Cause

The following suites are the ones flagged as weak and need to be disabled. nmap itself grades all six suites A; the finding comes from the vulnerability scanner, which objects to the two CBC suites because they use a MAC-then-encrypt construction rather than an AEAD mode, and to the two TLS_RSA_* suites because static RSA key exchange provides no forward secrecy. The two ECDHE AES-GCM suites have neither problem and stay enabled.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_256_GCM_SHA384


Resolution

1) Locate the OpenSSL name of each flagged suite. The SSLCipherSuite value in VRTSatlocal.conf uses OpenSSL names, not the IANA names that nmap prints; the following website lists both names for every suite.

https://ciphersuite.info/cs/

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - ECDHE-RSA-AES128-SHA256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - ECDHE-RSA-AES256-SHA384

TLS_RSA_WITH_AES_128_GCM_SHA256 - AES128-GCM-SHA256

TLS_RSA_WITH_AES_256_GCM_SHA384 - AES256-GCM-SHA384


2) Using the OpenSSL names, append a !<name> exclusion for each flagged suite to the SSLCipherSuite value in the VRTSatlocal.conf file. Take a backup of the file first, and keep the whole value on one line, quoted as shown.

/var/opt/VRTSsfmh/sec/root/.VRTSat/profile/VRTSatlocal.conf

From:

"SSLCipherSuite"="HIGH:HIGH:!MD5:!aNULL:!eNULL:!SSLv2:!RC4:!SHA:!DES:!3DES:!AES128-SHA256:!AES256-SHA256"

To: 

"SSLCipherSuite"="HIGH:HIGH:!MD5:!aNULL:!eNULL:!SSLv2:!RC4:!SHA:!DES:!3DES:!AES128-SHA256:!AES256-SHA256:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA384:!AES128-GCM-SHA256:!AES256-GCM-SHA384"


3) Restart the xprtld process so that it reloads the cipher list.

# /opt/VRTSsfmh/adm/xprtldctrl stop
# /opt/VRTSsfmh/adm/xprtldctrl start


4) Rescan port 5634 and verify that only the ECDHE AES-GCM suites remain.

# nmap -sV --script ssl-enum-ciphers -p 5634 viom.VRTS.local
Starting Nmap 7.92 ( https://nmap.org ) at 2024-03-26 04:48 PDT
Nmap scan report for viom.VRTS.local (x.x.x.x)
Host is up (0.000084s latency).

PORT     STATE SERVICE   VERSION
5634/tcp open  ssl/wsman Openwsman
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: A

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.18 seconds
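The resolution steps above can be scripted against the nmap listing. The Python example below is added for this article and is not Veritas code: it parses the ssl-enum-ciphers output, flags suites by the two properties the scanner objects to (static RSA key exchange and a non-AEAD cipher; nmap's own grade is A for all of them), derives the OpenSSL names that ciphersuite.info gives for AES-CBC/GCM suites, appends the matching ! exclusions to the SSLCipherSuite value, and then asks the local OpenSSL build, through Python's ssl module, which suites the new string still enables. The nmap text is constructed from the listing on this page, and the function names and the name-derivation rule (limited to AES suites) are this example's own assumptions.

```python
"""Script the cipher-suite resolution for the VIOM port 5634 finding.

Added example for this article (not Veritas code).
"""
import re
import ssl

# Constructed sample input: the port 5634 listing from this article.
NMAP_OUTPUT = """\
PORT     STATE SERVICE   VERSION
5634/tcp open  ssl/wsman Openwsman
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: A
"""

# SSLCipherSuite value from VRTSatlocal.conf before the change, as shown in the article.
OLD_CIPHER_STRING = ("HIGH:HIGH:!MD5:!aNULL:!eNULL:!SSLv2:!RC4:!SHA:!DES:!3DES:"
                     "!AES128-SHA256:!AES256-SHA256")

SUITE_LINE = re.compile(r"^\|\s+(TLS_[A-Z0-9_]+)\s+\(")
AES_CIPHER = re.compile(r"^AES_(128|256)_(CBC|GCM)_(SHA|SHA256|SHA384)$")
AEAD_TAGS = ("_GCM_", "_CCM", "CHACHA20_POLY1305")


def parse_nmap_suites(text):
    """IANA suite names from an ssl-enum-ciphers listing, in the order nmap printed them."""
    names = []
    for line in text.splitlines():
        m = SUITE_LINE.match(line)
        if m:
            names.append(m.group(1))
    return names


def _split(iana_name):
    # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" -> ("ECDHE_RSA", "AES_128_GCM_SHA256")
    kx_auth, _, cipher = iana_name[len("TLS_"):].partition("_WITH_")
    return kx_auth, cipher


def classify(iana_name):
    """Flag a suite on the two properties behind this finding: static RSA key
    exchange (no forward secrecy) and a non-AEAD cipher (CBC, MAC-then-encrypt)."""
    kx_auth, cipher = _split(iana_name)
    reasons = []
    if kx_auth == "RSA":
        reasons.append("static RSA key exchange, no forward secrecy")
    if not any(tag in cipher for tag in AEAD_TAGS):
        reasons.append("non-AEAD cipher (CBC mode)")
    return {"name": iana_name, "weak": bool(reasons), "reasons": reasons}


def openssl_name(iana_name):
    """OpenSSL cipher-string name for an AES CBC/GCM suite (the mapping ciphersuite.info
    shows): the static-RSA key-exchange prefix is dropped and CBC is implicit."""
    kx_auth, cipher = _split(iana_name)
    m = AES_CIPHER.match(cipher)
    if not m:
        raise ValueError("only AES CBC/GCM suites are mapped here: " + iana_name)
    bits, mode, mac = m.groups()
    prefix = "" if kx_auth == "RSA" else kx_auth.replace("_", "-") + "-"
    return prefix + "AES" + bits + ("-GCM" if mode == "GCM" else "") + "-" + mac


def harden(cipher_string, weak_iana_names):
    """Append a !<OpenSSL name> exclusion for each flagged suite not already excluded."""
    parts = cipher_string.split(":")
    for name in weak_iana_names:
        token = "!" + openssl_name(name)
        if token not in parts:
            parts.append(token)
    return ":".join(parts)


def enabled_suites(cipher_string):
    """(OpenSSL name, key exchange, aead) for every suite the local OpenSSL enables for
    this string. A server offers a subset, limited by its certificate type and by
    whether DH parameters are configured."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    out = []
    for c in ctx.get_ciphers():
        # 'description' is the "openssl ciphers -v" line, e.g.
        # "AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD"
        fields = dict(f.split("=", 1) for f in c["description"].split() if "=" in f)
        out.append((c["name"], fields.get("Kx", "?"), bool(c["aead"])))
    return out


def still_weak(cipher_string):
    """OpenSSL names the same rule would still flag if the server could negotiate them."""
    return [name for name, kx, aead in enabled_suites(cipher_string)
            if kx == "RSA" or not aead]


if __name__ == "__main__":
    suites = parse_nmap_suites(NMAP_OUTPUT)
    weak = [s for s in suites if classify(s)["weak"]]
    for s in suites:
        print("%-40s %-28s %s" % (s, openssl_name(s), "; ".join(classify(s)["reasons"]) or "ok"))
    new_string = harden(OLD_CIPHER_STRING, weak)
    print('\n"SSLCipherSuite"="%s"' % new_string)
    print("\nstill enabled by the local OpenSSL but flagged by the same rule:")
    print("  " + ", ".join(still_weak(new_string)))
```

Run it on the VIOM host before editing VRTSatlocal.conf; the harden() result is the string shown in step 2, and the still_weak() output is the caveat of a deny-list: it removes only the suites it names, so a current OpenSSL build typically still reports CBC suites under DHE and ECDSA key exchange (for example DHE-RSA-AES128-SHA256). The scan shows xprtld offering neither, since it serves an RSA certificate and lists no DHE suites, but if either changes the exclusions need extending; an allow-list such as ECDHE+AESGCM avoids that maintenance. For a remote spot check of a single suite after the restart, openssl s_client -connect viom.VRTS.local:5634 -tls1_2 -cipher AES128-GCM-SHA256 must now fail the handshake.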


Issue/Introduction

For Veritas Infoscale Operations Manager (VIOM), vulnerable SSL/TLS Ciphers are reported in network security scans for port 5634.