| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | TLS...
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | TLS...
| ciphers: | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (ecdh_x25519) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_2...
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | TLSv1.3: | ciphers: | TLS_AKE_WITH_AES_128_G...
[TLS_RSA_WITH_3DES_EDE_CBC_SHA] removed because of rule '3DES' (Sweet32 vulnerability mitigation) 在此日志文件抽取中,除去第一个密码,因为其包含字符串128。 保留第二个密码,因为此密码不匹配任何规则。 除去第三个密码,因为其包含子字符串3DES,这是由于Sweet32漏洞缓解的硬编码规则,并且缺省情况下禁用所...
[root@node-2 ~]# nmap -sV -p 10250 --script ssl-enum-ciphers 10.1.69.125|grep -E 'DEA|DES' | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | 64-bit block cipher 3DES vulnerable to SWEET32 attack 修改启动脚本:/etc/systemd/system/kubelet.service --tls-cipher-suites=TLS_ECDHE_...
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A ...
RSA_WITH_3DES_EDE_CBC_SHA(rsa2048)-C|compressors:|NULL|cipher preference:server|warnings:|64-bit block cipher3DES vulnerable to SWEET32 attack|TLSv1.2:|ciphers:|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(ecdh_x25519)-A|TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(ecdh_x25519)-A|TLS_ECDHE_RSA_...
扫描结果:目标系统支持的SSL/TLS加密算法中包含了易受攻击的TLS_RSA_WITH_3DES_EDE_CBC_SHA算法(标记为C级,表示安全性较弱)。 结论:目标系统存在CVE-2016-2183漏洞,建议禁用不安全的加密算法,并升级OpenSSL版本以提高安全性。 通过以上步骤,可以有效地扫描和检测CVE-2016-2183漏洞,并生成详细的验证报告。
How to resolve the SWEET32 3DES cipher vulnerability. CVE ID CVE-2016-2183 DESCRIPTION A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amount...