Medium Cipher Suites in SSP

Article ID: 420555

Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

Some vulnerability scanners detect medium-strength cipher suites (SWEET32) on SSP.

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

    Name                          Code             KEX           Auth     Encryption             MAC
    ----------------------        ----------       ---           ----     ---------------------  ---
    ECDHE-RSA-DES-CBC3-SHA        0xC0, 0x12       ECDH          RSA      3DES-CBC(168)          SHA1
    DES-CBC3-SHA                  0x00, 0x0A       RSA           RSA      3DES-CBC(168)          SHA1

Environment

SSP 5.0

Cause

The current SSP release inherits its default cipher suite configuration from the underlying Kubernetes implementation. That default permits medium-strength cipher suites in order to maintain broad compatibility.

Resolution

  • As of now, you cannot disable these ciphers.
  • This will be fixed in the next release by allowing only secure ciphers.
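
To confirm the scanner finding, and to re-check an endpoint after upgrading, the following added example (not VMware's or the scanner's code) offers each of the two suites from the table in its own TLS 1.2 ClientHello and reports which ones the server selects. It speaks raw TLS because many current OpenSSL builds are compiled without 3DES and cannot offer these suites. The host and port passed to `probe` are whatever your SSP endpoint uses, and the hello sends no SNI extension, which is an assumption about the endpoint.

```python
import os
import socket
import struct

# Code points from the scanner table above.
MEDIUM_SUITES = {0xC012: "ECDHE-RSA-DES-CBC3-SHA", 0x000A: "DES-CBC3-SHA"}

def build_client_hello(suites):
    """TLS 1.2 ClientHello record offering only the given suite code points (no SNI)."""
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    ext = (struct.pack("!HHHH", 0x000A, 4, 2, 0x0017)              # supported_groups: secp256r1
           + struct.pack("!HHBB", 0x000B, 2, 1, 0)                 # ec_point_formats: uncompressed
           + struct.pack("!HHHHH", 0x000D, 6, 4, 0x0401, 0x0201))  # sig algs: RSA+SHA256, RSA+SHA1
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"                 # version, random, empty session id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00"                                          # null compression only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_server_reply(data):
    """Suite chosen in a ServerHello, or None for an alert or anything else."""
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x02:
        return None
    off = 44 + data[43]                                            # skip the session id
    if len(data) < off + 2:
        return None
    return struct.unpack("!H", data[off:off + 2])[0]

def read_record(sock):
    """Read one whole TLS record, or whatever arrived before the peer closed."""
    buf = b""
    while len(buf) < 5 or len(buf) < 5 + struct.unpack("!H", buf[3:5])[0]:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf

def probe(host, port=443, timeout=5.0):
    """Names of the medium-strength suites the endpoint accepts (one handshake each)."""
    accepted = []
    for code, name in MEDIUM_SUITES.items():
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                s.sendall(build_client_hello([code]))
                reply = read_record(s)
            except OSError:
                reply = b""  # reset or timeout after connecting: counted as rejected
        if parse_server_reply(reply) == code:
            accepted.append(name)
    return accepted
```

An empty list from `probe` means the server answered both offers with an alert or a closed connection; an unreachable host raises instead of reporting a clean result.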