How to fix Insecure Transport: Weak SSL Cipher?

user20201 346 Reputation points
2021-03-17T08:51:46.177+00:00

DAST is a security scanning program and after scanning my applications it reported a vulnerability "Insecure Transport: Weak SSL Cipher." Below is the cipher suite being scanned and the result is "Weak." The protocol is TLS 1.2.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xc013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xc014)
TLS_RSA_WITH_AES_128_CBC_SHA(0x2f)
TLS_RSA_WITH_AES_256_CBC_SHA(0x35)

Can you suggest a way to fix or remediate this vulnerability? Thanks in advance!


Accepted answer
  1. Anonymous
    2021-03-18T03:43:47.31+00:00

    Hello @tobias2021,

    Thank you for posting here.

    What machine (Windows server or Windows client or non-Windows server or non-Windows client) did you scan using the DAST program?
    If it is a machine with a Windows operating system, we can disable weak SSL Cipher and enable secure SSL Cipher or enable secure TLS Cipher.

    However, if there are third-party apps/machines with non-Windows operating systems or old apps (Windows or non-Windows) in your AD environment, you may consider whether they support secure SSL Cipher or TLS Cipher (in other words, they may only support weak SSL) before disabling weak SSL Cipher.

    Reference
    Managing SSL/TLS Protocols and Cipher Suites for AD FS
    https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou
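
One way to act on the accepted answer on a Windows host, as an added example that is not part of the original thread: the script checks which of the four suites flagged in the question are enabled and disables them only when asked, so legacy clients can be reviewed first. It assumes Windows Server 2016 / Windows 10 or later, where the `Get-TlsCipherSuite` and `Disable-TlsCipherSuite` cmdlets are available; the `-Apply` switch and the variable names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original thread.
# Assumption: Windows Server 2016 / Windows 10 or later (TLS module cmdlets).
param(
    # Report only by default; pass -Apply to actually disable the suites.
    [switch]$Apply
)

# The four suites the scanner reported as weak (names taken from the question).
$weakSuites = @(
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_RSA_WITH_AES_256_CBC_SHA'
)

# List every enabled suite once and compare by exact name, because
# Get-TlsCipherSuite -Name matches on substrings.
$enabled = Get-TlsCipherSuite | Select-Object -ExpandProperty Name

foreach ($suite in $weakSuites) {
    if ($enabled -notcontains $suite) {
        Write-Output "$suite : not enabled, nothing to do"
        continue
    }
    if ($Apply) {
        Disable-TlsCipherSuite -Name $suite
        Write-Output "$suite : disabled"
    }
    else {
        Write-Output "$suite : ENABLED (re-run with -Apply to disable)"
    }
}

# Show what is still offered, in order, so it can be compared with what
# older or third-party clients in the environment are able to negotiate.
$remaining = Get-TlsCipherSuite |
    Where-Object { $weakSuites -notcontains $_.Name } |
    Select-Object -ExpandProperty Name

Write-Output ''
Write-Output "Suites that stay enabled ($($remaining.Count)):"
$remaining | ForEach-Object { Write-Output "  $_" }
```

Run it without `-Apply` first and compare the remaining list against the clients the answer warns about, then re-run the scan after applying.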
