Hardening of GSA and GSAD from scan results?

duplicate

#1

OS: Ubuntu 18.04
OpenVAS version 9
Installation was via the Ubuntu ppa:mrazavi/openvas.

Issue:
I ran an authenticated scan against our OpenVAS system. The scan reported the following:
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
which upon further review seems to indicate that TLSv1.0 and above are being used, and some “weak(er)” ciphers are being used of the “SWEET32” category.

With results like this on Apache or nginx, I know how to remediate such by (1) forcing TLSv1.2 and (2) removing the weak ciphers, then replacing and enforcing stronger ciphers. However, with GSA and GSAD, I confess I am unsure where to find similar configuration files to assist with such.

Questions and/or feedback are welcomed. Thanks for the assistance in advance.


#2

Closing as a duplicate of the following two existing threads about the same topic (which might be found via the search function when using keywords like “sweet32” or “cipher”). If you have further questions, please continue within the second thread still open.


closed #3