SSL Anonymous Cipher Suites Supported

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
PastorOfMuppets
Posts: 4
Joined: Sat Sep 13, 2014 2:23 am

SSL Anonymous Cipher Suites Supported

Postby PastorOfMuppets » Thu Jan 05, 2012 3:46 pm

Nessus reported the following threat from Zimbra. Does anyone know how to correct?
Thanks.
Summary:

SSL Anonymous Cipher Suites Supported
Risk: High (3)

Type: Nessus

Port: 465

Protocol: TCP

Threat ID: 131705
Information From Target:

The remote server supports the following anonymous SSL ciphers :
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1

ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5

ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1

ADH-AES128-SHA Kx=DH Au=None Enc=AES(128) Mac=SHA1

ADH-AES256-SHA Kx=DH Au=None Enc=AES(256) Mac=SHA1

ADH-CAMELLIA128-SHA Kx=DH Au=None Enc=Camellia(128) Mac=SHA1

ADH-CAMELLIA256-SHA Kx=DH Au=None Enc=Camellia(256) Mac=SHA1

ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5

n/a Kx=DH Au=None Enc=SEED(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}

Kx={key exchange}

Au={authentication}

Enc={symmetric encryption method}

Mac={message authentication code}

{export flag}
Solution:

Reconfigure the affected application if possible to avoid use of weak

ciphers.

Details:
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.


yasanthau
Advanced member
Advanced member
Posts: 57
Joined: Sat Sep 13, 2014 12:52 am

SSL Anonymous Cipher Suites Supported

Postby yasanthau » Sun Jun 09, 2013 11:45 pm

I also have same issue.
User avatar
quanah
Zimbra Alumni
Zimbra Alumni
Posts: 1667
Joined: Fri Sep 12, 2014 10:33 pm
Contact:

SSL Anonymous Cipher Suites Supported

Postby quanah » Mon Jun 10, 2013 11:14 am

This is a bogus report. I suggest you contact Nessus and ask them to fix their software. This does not affect SMTP/SMTPS (which is what port 465 is).
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 28 guests