0 Votes
user2021 asked user2021 edited

How to fix Insecure Transport: Weak SSL Cipher?

DAST is a security scanning program and after scanning my applications it reported a vulnerability "Insecure Transport: Weak SSL Cipher." Below is the cipher suite being scanned and the result is "Weak." The protocol is TLS 1.2.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xc013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xc014)
TLS_RSA_WITH_AES_128_CBC_SHA(0x2f)
TLS_RSA_WITH_AES_256_CBC_SHA(0x35)


Can you suggest a way to fix or remediate this vulnerability? Thanks in advance!


1 Answer

0 Votes
DaisyZhou-MSFT answered DaisyZhou-MSFT edited

Hello @tobias2021,

Thank you for posting here.

What machine (Windows server, Windows client, non-Windows server or non-Windows client) did you scan using the DAST program?
If it is a machine with a Windows operating system, we can disable weak SSL ciphers and enable secure SSL ciphers or secure TLS ciphers.

However, if there are third-party apps/machines with non-Windows operating systems or old apps (Windows or non-Windows) in your AD environment, you may consider whether they support secure SSL ciphers or TLS ciphers (in other words, they may only support weak SSL) before disabling weak SSL ciphers.

Reference
Managing SSL/TLS Protocols and Cipher Suites for AD FS
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs


Hope the information above is helpful.

Should you have any questions or concerns, please feel free to let us know.


Best Regards,
Daisy Zhou
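
As an added example (not part of the original answer or of Microsoft's documentation), the following PowerShell sketch audits a Windows host for the four CBC suites named in the question and disables them only when asked. It assumes Windows Server 2016 / Windows 10 or later, where the built-in `Get-TlsCipherSuite` and `Disable-TlsCipherSuite` cmdlets exist, and an elevated session; the function name `Invoke-WeakCipherAudit` is hypothetical.

```powershell
# Added example, not from the original thread. Run in an elevated session.
function Invoke-WeakCipherAudit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # The four suites listed in the question's scan report.
        [string[]]$Flagged = @(
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
            'TLS_RSA_WITH_AES_128_CBC_SHA',
            'TLS_RSA_WITH_AES_256_CBC_SHA'
        ),
        # Without this switch the function only reports.
        [switch]$Disable
    )

    # A configured "SSL Cipher Suite Order" Group Policy overrides the local list,
    # so local changes would not stick; fix the GPO instead.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
    $policy = Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue
    if ($policy.Functions) {
        Write-Warning 'Cipher suite order is set by Group Policy; change it there.'
    }

    $enabled = @(Get-TlsCipherSuite)
    # Compare full names: Get-TlsCipherSuite -Name matches partial names, which
    # would also select suites such as ..._CBC_SHA256 that the scan did not flag.
    $weak      = @($enabled | Where-Object { $Flagged -contains $_.Name })
    $remaining = @($enabled | Where-Object { $Flagged -notcontains $_.Name })

    # Refuse to leave the host with no usable suite for its clients.
    if ($remaining.Count -eq 0) { throw 'No cipher suite would remain enabled.' }

    foreach ($suite in $weak) {
        if ($Disable -and $PSCmdlet.ShouldProcess($suite.Name, 'Disable TLS cipher suite')) {
            Disable-TlsCipherSuite -Name $suite.Name
        }
    }

    # Return the result as an object so it can be logged or compared across hosts.
    [pscustomobject]@{
        FlaggedEnabled = $weak.Name
        Remaining      = $remaining.Name
        PolicyManaged  = [bool]$policy.Functions
    }
}

Invoke-WeakCipherAudit                     # report only
# Invoke-WeakCipherAudit -Disable -WhatIf  # preview what would be disabled
```

Review the `Remaining` list against what older or third-party clients in the environment support before running with `-Disable`, as the answer above advises.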
