How to find Weak Cipher Suites from Logs?

Product: FID

Version: Any version

Weak cipher suites can be verified from web.log (available at <RLI_HOME>\vds\vds_server\jetty) when the server starts.

Here is the list of weak cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D)
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0040)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D)
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xC004)
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xC005)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC009)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xC00A)
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xC00E)
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xC00F)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)

To verify whether any of your applications is using these weak cipher suites, enable Debug SSL in Settings from the Control Panel and check vds_server.log.

The first “cipher suites” entry appears in the “ClientHello” section (the suites the client offers). The cipher suite that was actually used appears in the “ServerHello” section.

From vds_server.log you can also filter on “type=host_name” to find all hosts hitting FID, then check the “ClientHello” and “ServerHello” sections to see which cipher suites are negotiated between the application and FID.
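The following Python script is an added example, not part of the original article or the product. It walks a debug log, tracks whether each line falls under a ClientHello or ServerHello label, and reports the handshakes in which the server selected a suite from the weak list above. The sample lines are constructed and the exact layout of vds_server.log is an assumption; only the section labels and suite names given in this article are relied on.

```python
import re

WEAK = set("""
TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
""".split())  # weak suites exactly as listed in this article
SUITE = re.compile(r"\bTLS_[A-Z0-9_]+")  # whole token: SHA and SHA256 stay distinct

def audit(lines):
    """Per handshake: weak suites the client offered, suite the server chose."""
    handshakes, cur, section = [], None, None
    for line in lines:
        if "ClientHello" in line:
            # New record, unless the current one is still empty (label repeated).
            if cur is None or cur["offered_weak"] or cur["negotiated"]:
                cur = {"offered_weak": [], "negotiated": None}
                handshakes.append(cur)
            section = "client"
        elif "ServerHello" in line and cur is not None:
            section = "server"
        for name in SUITE.findall(line):
            if section == "client" and name in WEAK and name not in cur["offered_weak"]:
                cur["offered_weak"].append(name)
            elif section == "server" and cur["negotiated"] is None:
                cur["negotiated"] = name
    return handshakes

def negotiated_weak(handshakes):
    """Handshakes whose ServerHello selected a suite from the weak list."""
    return [h for h in handshakes if h["negotiated"] in WEAK]

# Constructed sample, not real FID output; only section labels and suite names matter.
SAMPLE = """\
ClientHello
  cipher suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA
ServerHello
  cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ClientHello
  cipher suites: TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256
ServerHello
  cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
""".splitlines()
```

To run it against a real log, pass `open(path, errors="replace")` to `audit()` in place of `SAMPLE`. On a busy server, debug output from concurrent handshakes can interleave, so confirm any ClientHello/ServerHello pairing it reports against the surrounding log lines.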

 

It is always suggested to check with your application team whether they are using any weak cipher suites.
