OS: Ubuntu 18.04
OpenVAS version 9
Installation was via the Ubuntu ppa:mrazavi/openvas
.
Issue:
I ran an authenticated scan against our OpenVAS system. The scan reported the following:
SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
which upon further review seems to indicate that TLSv1.0 and above are being used, and some “weak(er)” ciphers are being used of the " SWEET32" category.
With results like this on Apache or nginx, I know how to remediate such by (1) force TLSv1.2 and (2) remove the weak ciphers then replace and enforce stronger ciphers. However with GSA and GSAD, I confess I am unsure where to find similar configuration files to assist with such.
Questions and/or feedback are welcomed. Thanks for the assistance in advance.