Rukender Attri
asked on
SSL Server Supports DES Ciphers (Sweet32 Exposure) - CVE-2016-2183
Hello All,
I need your help to fix the CVE-2016-2183 vulnerability in my CentOS release 6.9 (Final) instance.
I have checked the various solutions to fix this, like making changes in the apache/nginx configuration. But I don't have apache/nginx installed in my instance.
The openssl version installed in my instance is OpenSSL 1.0.1e-fips 11 Feb 2013.
When I tried to update the openssl package using yum, it did not identify any new version of the package available for installation.
Regards
Rukender
1) https://nvd.nist.gov/vuln/detail/CVE-2016-2183 relates to an openssl bug.
2) You're running CentOS 6.9 as your OS.
3) EOL Support Window shows 6.9 EOL November 30, 2020, so you should still be getting security patches for your OS version through your default installation repositories.
4) Try this...
    # Update local package cache data
    yum check-update
    # Now install all your updates
    yum update
5) The related RedHat errata page suggests this fix may require hand rearrangement of cipher lists for various HTTPS aware code, like Apache/Dovecot/etc...
Reading Ubuntu docs suggests disabling SSL2 + SSL3 (which should always be done) will fix the problem.
6) Use https://github.com/drwetter/testssl.sh/blob/2.9dev/testssl.sh as a quick check to see if your system(s) really have this vulnerability first.
The more I read about this, it seems like if you're only using TLSv1.2 + TLSv1.3 (as you should be) then this vulnerability is already fixed.
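A local check related to points 5 and 6 above, as an added example that is not part of the original answer: it filters `openssl ciphers -v` output for DES/3DES suites, so a cipher string can be checked before and after it is rearranged. The sample listing is constructed and the function names are hypothetical; the listing shows what the OpenSSL library offers for a cipher string, not what a particular listening service is configured to accept.

```shell
#!/bin/sh
# Added example: flag DES/3DES suites in `openssl ciphers -v` output.

# Constructed sample in the column layout printed by `openssl ciphers -v`
# (not captured from the poster's host).
sample_ciphers() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EOF
}

# Read `openssl ciphers -v` lines on stdin and print the name of every
# suite whose Enc= field is DES or 3DES.
des_suites() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i ~ /^Enc=(3DES|DES)\(/) { print $1; break }
    }'
}

# Return 0 if the listing on stdin contains no DES/3DES suite, 1 otherwise.
listing_is_clean() {
    [ -z "$(des_suites)" ]
}

# Demo on the constructed sample: prints the three DES/3DES suite names.
sample_ciphers | des_suites

# Live use (assumes the openssl CLI is on PATH):
#   openssl ciphers -v 'DEFAULT' | des_suites
#   openssl ciphers -v 'DEFAULT:!3DES:!DES' | des_suites   # should print nothing
```

A service that takes its own cipher setting still has to be checked over the network, for example with the testssl.sh script linked in point 6.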
It will update everything