Hi,
We have completed Openvas scan on one of our windows server, found few medium vulnerabilities for port 443,
Please find the below medium vulnerabilities for port 443,
Summary This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exists only on HTTPS services.
Vulnerability Detection Result ‘Vulnerable’ cipher suites accepted by this service via the TLSv1.0 protocol: TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32) ‘Vulnerable’ cipher suites accepted by this service via the TLSv1.1 protocol: TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32) ‘Vulnerable’ cipher suites accepted by this service via the TLSv1.2 protocol: TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
Solution Solution type: Mitigation The conguration of this services should be changed so that it does not accept the listed cipher suites anymore.
Summary This routine reports all Weak SSL/TLS cipher suites accepted by a service. NOTE: No severity for SMTP services with ‘Opportunistic TLS’ and weak cipher suites on port 25/tcp is reported.
If too strong cipher suites are congured for this service the alternative would be to fall back to an even more insecure cleartext communication.
Vulnerability Detection Result ‘Weak’ cipher suites accepted by this service via the TLSv1.0 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA ‘Weak’ cipher suites accepted by this service via the TLSv1.1 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA ‘Weak’ cipher suites accepted by this service via the TLSv1.2 protocol: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA
Solution Solution type: Mitigation The configuration of this services should be changed so that it does not accept the listed weak cipher suites anymore.