Can't turn off 3DES

Support for security such as Firewalls and securing linux
mconstant
Posts: 13
Joined: 2014/11/04 16:39:03

Can't turn off 3DES

Post by mconstant » 2017/08/18 14:37:33

I am not having an easy time turning off 3DES to fix SWEET32. This is an .ova for a phone system but I am trying to remediate some security vulnerabilities. If I go to /etc/httpd/conf.d/ssl.conf I have SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:!3DES. If I go to httpd.conf I have added the 3DES part to SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:+SHA1 so it looked like SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES:+SHA1, but each time I run nmap or Nessus it comes up with 3DES as a finding. Is there any other place I can shut it off?

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can't turn off 3DES

Post by TrevorH » 2017/08/18 16:28:42

On what port is the report of the error?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

mconstant
Posts: 13
Joined: 2014/11/04 16:39:03

Re: Can't turn off 3DES

Post by mconstant » 2017/08/18 19:03:51

For this machine it is 443.

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: Can't turn off 3DES

Post by avij » 2017/08/18 19:45:35

Do you have some other software (or hardware) functioning as a reverse proxy for the web server?

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can't turn off 3DES

Post by TrevorH » 2017/08/18 20:27:45

Check the output of ss -antpl | grep 443 and make sure the process that is listening on the port is the one you think it is. Check the running process to see what config file it is using and make sure it is the one you think it should be.
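
The check suggested in the post above, written out as an added example (not part of the original thread): it parses `ss -antpl` output, matches the local port exactly (a plain grep for 443 also matches 4430 and 8443), and reports any listener that is not the expected web server. The sample output is constructed, and "proxyd" is a hypothetical process name; the pid= form of the users column is assumed.

```shell
#!/bin/sh
# Constructed sample in the `ss -antpl` layout; "proxyd" is hypothetical.
SAMPLE_SS=$(cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:443              *:*    users:(("proxyd",pid=1234,fd=5))
LISTEN 0      128    127.0.0.1:8443     *:*    users:(("httpd",pid=2345,fd=4),("httpd",pid=2346,fd=4))
LISTEN 0      128    :::4430            :::*   users:(("java",pid=3456,fd=9))
EOF
)

# listeners_on_port PORT
# Reads `ss -antpl` output on stdin and prints "name pid" for every process
# holding a listening socket whose local port is exactly PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Local address is field 4; the port follows the last colon,
            # which also covers IPv6 forms such as :::443 and [::]:443.
            n = split($4, a, ":")
            if (a[n] != port) next
            rest = $0
            # One socket can be shared by several processes (httpd workers).
            while (match(rest, /\("[^"]+",pid=[0-9]+/)) {
                entry = substr(rest, RSTART + 2, RLENGTH - 2)
                split(entry, p, /",pid=/)
                print p[1], p[2]
                rest = substr(rest, RSTART + RLENGTH)
            }
        }' | sort -u
}

# unexpected_listeners PORT EXPECTED_NAME
# Prints only the listeners on PORT whose process name is not EXPECTED_NAME.
unexpected_listeners() {
    listeners_on_port "$1" | awk -v want="$2" '$1 != want'
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners 443 httpd

# On a live host (root is needed to see other users' processes):
#   ss -antpl | unexpected_listeners 443 httpd
# Then inspect the reported PID to see which config file it was started with:
#   tr '\0' ' ' < /proc/PID/cmdline
```

If this prints anything for the port the scanner flagged, the cipher settings that matter are in that process's configuration, not in httpd's.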

mconstant
Posts: 13
Joined: 2014/11/04 16:39:03

Re: Can't turn off 3DES

Post by mconstant » 2017/08/23 14:03:51

You were correct, there was a different process using 443. It was a proxy. Thank you.
