Results 1 to 4 of 4

Thread: SSL certificate related vulnerability

  1. #1
    Join Date
    Nov 2008
    Posts
    46
    Rep Power
    6

    Default SSL certificate related vulnerability

    Hi,

    After doing vulnerability assessment, we found below SSL related vulnerability :

    1. SSL medium and weak cipher suites supported.
    2. SSL certiicate signed with weak hashing algorithm
    (The SSL certificate is signed using MD5 algorithm. This algorithm is weak and is vlunerable to collision attacks. )
    3. SSL / TLS renegotiation handshakes MiTM plaintext data injection


    Is there any way to fix this on permenent base ??

    Please help me in this regards,

    KK

  2. #2
    Join Date
    Nov 2008
    Posts
    46
    Rep Power
    6

    Default

    Guys...please suggest regarding this concern...

  3. #3
    Join Date
    Nov 2008
    Posts
    46
    Rep Power
    6

    Default

    Can anyone please suggest what is the right way to fix these vulnerabilities ???

  4. #4
    Join Date
    Dec 2009
    Location
    Michigan
    Posts
    454
    Rep Power
    5

    Default

    Quote Originally Posted by k_k View Post
    Can anyone please suggest what is the right way to fix these vulnerabilities ???
    We got the same report from McAfee's scan. And, I found this wiki entry:

    Cipher suites - Zimbra :: Wiki

    Doug
    Ben Franklin quote:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

Similar Threads

  1. Replies: 7
    Last Post: 02-13-2013, 01:36 AM
  2. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  3. Certificate Change Kicks Moto Q off of SSL Synch
    By theasbcguy in forum Zimbra Mobile
    Replies: 3
    Last Post: 04-14-2008, 12:01 PM
  4. Self-Signed SSL Certificate Causing Crash
    By VxJasonxV in forum Administrators
    Replies: 1
    Last Post: 12-06-2007, 12:24 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •