Application Delivery Management
Application Modernization & Connectivity
CyberRes
IT Operations Management
Summary
WI will detect Weak SSL Cipher as a vulnerability and would provide a list of them
Products
Fortify WebInspect
Situation
After running a scan over a website, WebInspect would report a list of weak ciphers as a Critical vulnerability. In most scenarios, some protocols from TLS or SSL have been disabled but the vulnerability is still found.
A list like below would be reported:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Read Full Support Aritcle here.
Support ARticle Reference Number (URL Name)
KM000006509
__________________________________
Elizabeth Knappen
CyberRes Community Manager
If you find this post useful, give it a ‘Like’ or use ‘Verify Answer’