Mirth Connect

• Type: Improvement
• Status: Closed
• Priority: Minor
• Resolution: Fixed
• Affects Version/s: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.5.0, 1.6.0, 4.0
• Fix Version/s: 1.7.0
• Component/s: Server
• Labels:

  None
• Environment:

  Any Platform

Weak ssl ciphers are supported by built in Jetty https server. Change to strong ciphers.

Jetty howto: http://docs.codehaus.org/display/JETTY/SSL+Cipher+Suites


Nessus output:
Synopsis :

The remote service supports the use of weak SSL ciphers.

Description :

The remote host supports the use of SSL ciphers that
offer either weak encryption or no encryption at all.

See also :

http://www.openssl.org/docs/apps/ciphers.html

Solution :

Reconfigure the affected application if possible to avoid use of
weak ciphers.

Risk factor :

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Plugin output :

Here is a list of the SSL ciphers supported by the remote server :

Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-EDH-DSS-DES-CBC-SHA Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
TLSv1
EXP-EDH-DSS-DES-CBC-SHA Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export

Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
EDH-DSS-DES-CBC-SHA Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
TLSv1
EDH-DSS-DES-CBC-SHA Kx=DH Au=DSS Enc=DES(56) Mac=SHA1

High Strength Ciphers (>= 112-bit key)
SSLv3
EDH-DSS-DES-CBC3-SHA Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
TLSv1
EDH-DSS-DES-CBC3-SHA Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DHE-DSS-AES128-SHA Kx=DH Au=DSS Enc=AES(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}


Nessus ID : 21643

This issue clones:
MIRTH-1924	Disable weak SSL ciphers in Jetty server

• Assignee:

  Gerald Bortis

  Reporter:

  steve ruiz

• Created:

  13/Jul/07 11:18 AM

  Updated:

  15/Aug/11 3:48 PM

  Resolved:

  15/Aug/11 3:48 PM