DES-based cipher suites from BFI and SCA

My latests network scans are showing that DES cipher was downgraded to 112 bits and is being used by SCA and BFI… even after disable DES cipher thru the Windows Registry and upgrading both tools to the latest versions they are still showing as being used.

I am running nessus scans and scanning the 443 with sslscan with the results:

Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits DES-CBC3-SHA

Plugin Output :

Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

  EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   
  DES-CBC3-SHA                 Kx=RSA         Au=RSA      Enc=3DES-CBC(168)        Mac=SHA1   

Are anyone getting similar results?
Cheers, diego

1 Like