Unable to disable certain ciphers; site validation issues
Posted: Thu Nov 22, 2018 9:40 am
Hi,
some questions about security.
a) If we submit our site to https://www.ssllabs.com/ssltest/ for validation, we get some warnings about the following ciphers marked as WEAK:
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
As of the current versions of Java (8 Update 191) and Tsplus (11.60.10.28), we are unable to disable the ciphers from AdminTools > Security > SSL Ciphers Selection; the only way I found is to edit c:\Program Files (x86)\FlexiCloud\Clients\webserver\tls.bin.
b) Is there a way to disable both TLSv1 and TLSv1.1?
c) If we submit our site to https://www.whynopadlock.com for validation, it complains that the webserver is not forcing the use of SSL, but we have enabled it by adding the following line to C:\Program Files (x86)\FlexiCloud\Clients\webserver\settings.bin:
disable_http_only=true
Moreover, if I go to our site with the http: prefix, I am automatically redirected to https:
Where is the problem?
Best.