My latest network scans are showing that the DES cipher was downgraded to 112 bits and is being used by SCA and BFI… even after disabling the DES cipher through the Windows Registry and upgrading both tools to the latest versions, they are still showing as being used.
I am running Nessus scans and scanning port 443 with sslscan, with these results:
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Plugin Output :
Here is the list of medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
TLSv1
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
Is anyone getting similar results?
Cheers, diego
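
An added example, not part of the original post: a small Python cross-check that parses both scanner outputs quoted above and lists the Triple DES suites each one reports, showing that sslscan's 112 bits (effective strength) and Nessus's 3DES-CBC(168) (nominal key length) refer to the same suites. The function names are hypothetical, and the AES-GCM line in the sample is constructed for contrast.

```python
import re

# Constructed sample input: the scanner lines quoted in the post above,
# plus one constructed AES-GCM line for contrast.
SSLSCAN = """\
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
"""
NESSUS = """\
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1
"""

SSLSCAN_RE = re.compile(r"^(?:Accepted|Preferred)\s+(\S+)\s+(\d+)\s+bits\s+(\S+)")
NESSUS_RE = re.compile(r"^(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=([^\s(]+)\((\d+)\)\s+Mac=(\S+)")

def sslscan_suites(text):
    """Map suite name -> (protocol, reported bits) for accepted ciphers."""
    found = {}
    for line in text.splitlines():
        m = SSLSCAN_RE.match(line.strip())
        if m:
            found[m.group(3)] = (m.group(1), int(m.group(2)))
    return found

def nessus_suites(text):
    """Map suite name -> (encryption algorithm, reported bits)."""
    found = {}
    for line in text.splitlines():
        m = NESSUS_RE.match(line.strip())
        if m:
            found[m.group(1)] = (m.group(4), int(m.group(5)))
    return found

def is_3des(name, enc=""):
    # OpenSSL-style suite names spell Triple DES "DES-CBC3"; Nessus prints "3DES-CBC".
    return "DES-CBC3" in name.upper() or enc.upper().startswith("3DES")

def triple_des_findings(sslscan_text, nessus_text):
    """Suites flagged as Triple DES by either scanner, with both bit counts."""
    s, n = sslscan_suites(sslscan_text), nessus_suites(nessus_text)
    rows = []
    for name in sorted(set(s) | set(n)):
        enc, n_bits = n.get(name, ("", None))
        if is_3des(name, enc):
            rows.append((name, s.get(name, (None, None))[1], n_bits))
    return rows

if __name__ == "__main__":
    for name, ssl_bits, nes_bits in triple_des_findings(SSLSCAN, NESSUS):
        print(f"{name}: sslscan={ssl_bits} bits, nessus={nes_bits} bits")
```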