Vulnerability about SSL/TLS

Hi all,

After scanning by openvas, I have 2 vulnerabilies on server linux :
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS with solution : The configuration of this services should be changed so that it does not accept the listed cipher suites anymore.
SSL/TLS: Report ‘Null’ Cipher Suites with solution : The configuration of this services should be changed so that it does not accept the listed ‘Null’ cipher suites anymore.
With this solution, I can’t fix these vulnerabilities.
Please help me with solutions which more detail to fix.

Thank everyone very much.

The mitigation for this kind of vulnerabilities highly depends on the service/product this vulnerability is detected at so no specific mitigation hints can / will be given here.

Please have a look at the manual of the related product or at 3rd party resources like e.g. https://bettercrypto.org/ (linked in the references of both mentioned VTs) how to configure the service / product in a more secure way for SSL/TLS connections / communication.

1 Like