- Block cipher algorithms with block size of 64 bits (like DES and 3DES) birthday attack known as Sweet32, CVE-2016-2183
- TLSv1.0 Supported
- Reflected Cross-Site Scripting Vulnerability

Evidence:

Cipher Suite: TLSv1_1 : ECDHE-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_1 : EDH-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_1 : DES-CBC3-SHA

Cipher Suite: TLSv1_2 : ECDHE-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_2 : EDH-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_2 : DES-CBC3-SHA

TLSv1.0 Supported Port: tcp/443

CVSSv2: AV:N/AC:L/Au:N/C:N/I:P/A:N

Service: apache:http_server

Evidence:

Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA

Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA

Cipher Suite: TLSv1 : AES256-SHA

Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA

Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA

Cipher Suite: TLSv1 : AES128-SHA

Cipher Suite: TLSv1 : ECDHE-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1 : EDH-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1 : DES-CBC3-SHA

For port 21, the following thread discusses this issue:

Pure-FTPd Cipher Settings

For the remaining issues, this thread should help:

I need to disable TLS v1.0

Thank you.

Block cipher algorithms with block size of 64 bits (like DES and 3DES) birthday attack known as Sweet32

Evidence:

Cipher Suite: TLSv1_1 : ECDHE-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_1 : EDH-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_1 : DES-CBC3-SHA

Cipher Suite: TLSv1_2 : ECDHE-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_2 : EDH-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_2 : DES-CBC3-SHA

TLSv1.0 Supported

Evidence:

Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA

Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA

Cipher Suite: TLSv1 : AES256-SHA

Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA

Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA

Cipher Suite: TLSv1 : AES128-SHA

SSL/TLS Weak Encryption Algorithms

Evidence:

Cipher Suite: TLSv1_1 : ECDHE-RSA-RC4-SHA

Cipher Suite: TLSv1_1 : RC4-SHA

Cipher Suite: TLSv1_1 : RC4-MD5

Cipher Suite: TLSv1_2 : ECDHE-RSA-RC4-SHA

Cipher Suite: TLSv1_2 : RC4-SHA

Cipher Suite: TLSv1_2 : RC4-MD5

For port 21, this is related to a bug with Pure-FTPd. We have an internal case open to address the issue, and will update the associated forums thread once it's published:

Pure-FTPd Cipher Settings

Regarding port 443, could you let us know what cipher settings you have configured for Apache?

Thank you.

SSL Cipher Suite

GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

SSL/TLS Protocol: All -SSLv2 -SSLv3

Hello,

SSL/TLS Protocol: All -SSLv2 -SSLv3

You'd need to change this to the following if you want to disable TLS v1.0:

Code:

`All -SSLv2 -SSLv3 -TLSv1`

Block cipher algorithms with block size of 64 bits (like DES and 3DES) birthday attack known as Sweet32

tcp/2087/2083

Evidence:

Cipher Suite: TLSv1_1 : ECDHE-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_1 : EDH-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_1 : DES-CBC3-SHA

Cipher Suite: TLSv1_2 : ECDHE-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_2 : EDH-RSA-DES-CBC3-SHA

Cipher Suite: TLSv1_2 : DES-CBC3-SHA

Check to see if this thread helps for that report:

SOLVED - PCI Scan Fails On Web Services Ports

Thank you.
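An added example, not code from any post in this thread: a small Python triage script that groups scanner evidence lines in the format quoted above under the three findings discussed, then amends an Apache-style cipher list and protocol string to match. The function names are hypothetical, the sample lines are constructed, and `!3DES` and `!RC4` are standard OpenSSL cipher-string exclusions that the thread itself does not mention.

```python
import re
from collections import defaultdict

# Constructed sample in the evidence format quoted in this thread.
SAMPLE_EVIDENCE = """\
Cipher Suite: TLSv1_2 : ECDHE-RSA-DES-CBC3-SHA
Cipher Suite: TLSv1_1 : RC4-MD5
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
"""

EVIDENCE_RE = re.compile(r"^Cipher Suite:\s*(\S+)\s*:\s*(\S+)$")

# OpenSSL cipher-string exclusions for the suite-level findings (assumption:
# the service takes an OpenSSL-style cipher list, as Apache does).
EXCLUSIONS = {"sweet32_64bit_block": "!3DES", "weak_rc4": "!RC4"}


def classify(evidence_text):
    """Group (protocol, suite) pairs under the finding each one supports."""
    findings = defaultdict(list)
    for line in evidence_text.splitlines():
        m = EVIDENCE_RE.match(line.strip())
        if not m:
            continue  # skip headings such as "Evidence:"
        proto, suite = m.groups()
        parts = suite.split("-")
        if "CBC3" in parts:   # 3DES suites, 64-bit block (Sweet32)
            findings["sweet32_64bit_block"].append((proto, suite))
        if "RC4" in parts:    # RC4 stream cipher
            findings["weak_rc4"].append((proto, suite))
        if proto == "TLSv1":  # the scanner labels TLS 1.0 as "TLSv1"
            findings["tlsv1_0_supported"].append((proto, suite))
    return dict(findings)


def harden(cipher_list, protocols, findings):
    """Append only the exclusions the findings call for; safe to re-run."""
    tokens = cipher_list.split(":")
    for finding, token in EXCLUSIONS.items():
        if finding in findings and token not in tokens:
            tokens.append(token)
    if "tlsv1_0_supported" in findings and "-TLSv1" not in protocols.split():
        protocols += " -TLSv1"
    return ":".join(tokens), protocols


if __name__ == "__main__":
    found = classify(SAMPLE_EVIDENCE)
    print(found)
    print(harden("AES128-SHA:AES256-SHA:!DSS", "All -SSLv2 -SSLv3", found))
```

The result applies only to the service whose settings you pass in; as the replies above note, port 21 and ports 2083/2087 are handled separately from Apache on port 443.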
