VA Scan tool reports weak Ciphers even though they have been turned off in SpanVA settings
search cancel

VA Scan tool reports weak Ciphers even though they have been turned off in SpanVA settings

book

Article ID: 381901

calendar_today

Updated On:

Products

CASB Audit CASB Gateway CASB Gateway Advanced CASB Security Advanced CASB Security Premium CASB Security Standard CASB Securlet SAAS

Issue/Introduction

Client VA Scan tool may report weak ciphers even though they have been turned off in SpanVA / Settings: / Ciphers configuration section:

(example of weak Ciphers disabled in SpanVA Settings below)

 

Cause

Oracle Linux/CentOS/RHEL 8 - all introduced a new feature called system wide crypto-policy 

By default, this global policy overrides the sshd_config file configuration/algorithms 

Resolution

Fixed on SpanVA version 3.166.0 and newer

The fix disables global crypto-policy for sshd.service.

 

Powered by Wolken Software