Can't turn off 3DES
Can't turn off 3DES
I am not having an easy time turning off 3DES to fix SWEET32. This is an .ova for a phone system but I am trying to remediate some security vulnerabilities. If I go to /etc/httpd/conf.d/ssl.conf I have SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:!3DES. If I go to httpd.conf I have added the 3DES part to SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:+SHA1 so it looked like SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES:+SHA1, but each time I run nmap or Nessus it comes up with 3DES as a finding. Is there any other place I can shut it off?
Re: Can't turn off 3DES
On what port is the report of the error?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Can't turn off 3DES
For this machine it is 443.
Re: Can't turn off 3DES
Do you have some other software (or hardware) functioning as a reverse proxy for the web server?
Re: Can't turn off 3DES
Check the output of ss -antpl | grep 443 and make sure the process that is listening on the port is the one you think it is. Check the running process to see what config file it is using and make sure it is the one you think it should be.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Can't turn off 3DES
You were correct there was a different process using 443. It was a proxy. Thank you.