-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS weak cipher suites from OpenVAS #341
Comments
Hi, Same problem here. I have a drachtio server running with TLS and want to configure the cipher suites offered by drachtio. Would be this possible? I have tried a workaround by overriding the openssl configuration at OS level and I see my changes applied (bash: openssl ciphers) but looks like drachtio is using a different SSL implementation or at least ignoring this configuration and using its own ciphers. The reason why I want to configure this is that I have pentested the connection with a security tool (https://github.com/drwetter/testssl.sh) and found the same issue reported by @calvet27
I also noticed this but it's not a vulnerability:
To illustrate the use case, we have solved similar issues with Asterisk and Kamailio through configuration parameters. As an example: Asterisk SIP configuration (https://github.com/asterisk/asterisk/blob/18/configs/samples/sip.conf.sample)
Kamailio TLS configuration (https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.cipher_list):
Thanks in advance for any help or guidance on this. Kind regards, |
I think that So that means, It's impossible to configure directly to disable As an alternative way,
The above alternative is somewhat inconvenient and does not facilitate version management. |
Hi,
I had a vulnerability test with OpenVAS on TLS connection.
But I've got the message like below:
That means CBC(Cipher Block Chaining) mode is not blocked by Drachtio SIP Server.
Is there any solution for this issue?
The text was updated successfully, but these errors were encountered: