Synopsis: The remote service supports the use of medium strength SSL ciphers.

1. Synopsis: The remote service supports the use of medium strength SSL ciphers.
2.  
3. Description
4. The remote host supports the use of SSL ciphers that offer medium
5. strength encryption, which we currently regard as those with key
6. lengths at least 56 bits and less than 112 bits.
7.  
8. Note: This is considerably easier to exploit if the attacker is on the
9. same physical network.
10.  
11. Solution
12. Reconfigure the affected application if possible to avoid use of
13. medium strength ciphers.
14.  
15. Risk Factor: Medium
16.  
17. CVSS Base Score
18. 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
19.  
20. Plugin Output
21. Here is the list of medium strength SSL ciphers supported by the remote server :
22.  
23. Medium Strength Ciphers (>= 56-bit and < 112-bit key)
24. SSLv3
25. EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
26. DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
27. TLSv1
28. EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
29. DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
30.  
31. The fields above are :
32.  
33. {OpenSSL ciphername}
34. Kx={key exchange}
35. Au={authentication}
36. Enc={symmetric encryption method}
37. Mac={message authentication code}
38. {export flag}
39.  
40. Plugin Publication Date: 2009/11/23