Hi All,
Our Nessus server is reporting that our OpenVPN AS Server Web Server is allowing weak ciphers and I'm trying to find the right command to disable them.
List of 64-bit block cipher suites supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
TLSv1
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
I've found this link and command which looks like I can run it on my server, but just trying to confirm the correct syntax:
https://docs.openvpn.net/docs/access-se ... phersuites
cs.openssl_ciphersuites
Thanks,
Daniel
Open VPN AS Web Server - Ciphers
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Dec 16, 2014 11:03 am
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Feb 08, 2017 2:45 pm
Re: Open VPN AS Web Server - Ciphers
You should remove all cipher suites with DES in them ...
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Dec 16, 2014 11:03 am
Re: Open VPN AS Web Server - Ciphers
Yes, but I'm after the correct syntax for this command. I know what we need to do.
Example:
./sacli -k cs.openssl_ciphersuites -v 'DEFAULT:!EXP:!PSK:!SRP:!LOW:!RC4:!kRSA' ConfigPut
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Dec 16, 2014 11:03 am
Re: Open VPN AS Web Server - Ciphers
I'm trying this:
From this Directory: /usr/local/openvpn_as/scripts
./sacli -k cs.openssl_ciphersuites -v 'DEFAULT:!EXP:!PSK:!SRP:!LOW:!MEDIUM:!RC4:!kRSA:!3DES' ConfigPut
./sacli start
RunStart warm None
{
"errors": {},
"service_status": {
"api": "on",
"auth": "on",
"bridge": "on",
"client_query": "on",
"crl": "on",
"daemon_pre": "on",
"db_push": "on",
"ip6tables_live": "on",
"ip6tables_openvpn": "on",
"iptables_live": "on",
"iptables_openvpn": "on",
"iptables_web": "restarted",
"license": "on",
"log": "on",
"openvpn_0": "on",
"openvpn_1": "on",
"user": "on",
"web": "restarted"
}
}
WILL_RESTART ['web']
Will wait to see the results.
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Dec 16, 2014 11:03 am
Re: Open VPN AS Web Server - Ciphers
Looks like this has worked.
Will wait a couple more scans to make sure.
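
Added example, not part of the original thread and not OpenVPN's own code: a local pre-check that expands the two cipher strings quoted above with Python's ssl module and lists any suites that still use a 64-bit block cipher, before the value is written with ConfigPut. It assumes the local OpenSSL build resembles the one the Access Server web service links against, so a rescan remains the final confirmation; the function names are made up for this example.

```python
import ssl

# Cipher strings quoted in the thread (values passed to cs.openssl_ciphersuites).
ORIGINAL = "DEFAULT:!EXP:!PSK:!SRP:!LOW:!RC4:!kRSA"
HARDENED = "DEFAULT:!EXP:!PSK:!SRP:!LOW:!MEDIUM:!RC4:!kRSA:!3DES"

# Name fragments of ciphers with a 64-bit block size (DES/3DES, IDEA, RC2).
BLOCK64_MARKERS = ("DES", "IDEA", "RC2")


def expand(cipher_string):
    """Return the suite names the local OpenSSL enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL rejects a string that selects no usable suites.
        return []
    return [c["name"] for c in ctx.get_ciphers()]


def block64_suites(cipher_string):
    """Suites in the expanded list that still use a 64-bit block cipher."""
    return [name for name in expand(cipher_string)
            if any(marker in name for marker in BLOCK64_MARKERS)]


def safe_to_apply(cipher_string):
    """True only if the string enables suites and none are 64-bit block."""
    return bool(expand(cipher_string)) and not block64_suites(cipher_string)


if __name__ == "__main__":
    # Results depend on the local OpenSSL build (assumption noted above).
    for label, value in (("original", ORIGINAL), ("hardened", HARDENED)):
        print(label, "->", len(expand(value)), "suites;",
              "64-bit block:", block64_suites(value) or "none")
```

Recent OpenSSL builds often leave 3DES out of DEFAULT altogether, so the original string may also report none locally even though the scanned server offered those suites.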