We have problems with vulnerabilities that our customer has found in the eDirectory environment. The Tomcat-related vulnerabilities have been solved, but the same has not been true of the LDAP-related ones.
The issues found by Rapid7 (the scanner used by the customer) are:
- TLS/SSL Server Supports The Use of Static Key Ciphers
- TLS/SSL Server Does Not Support Any Strong Cipher Algorithms
We have changed the ciphers used by LDAP, but the connection stops working when we find some ciphers that do not represent a vulnerability for the scanner.
The question is: Are there any ciphers that don't have these vulnerabilities, but are compatible enough to let LDAP work properly?
Or does there exist a combination of configuration in the LDAP section that enables LDAP to work without having these vulnerabilities?