SSL/TLS Deprecated Ciphers Unsupported

critical Nessus Plugin ID 132675
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host uses deprecated SSL/TLS ciphers which are unsupported

Description

The remote host has open SSL/TLS ports which advertise deprecated cipher suites. The ciphers contained in these suites are no longer supported by most major ssl libraries such as OpenSSL, NSS, Mbed TLS, and wolfSSL and, as such, should not be used for secure communication.

Nessus 8.9 and later no longer supports these ciphers.

Solution

Upgrade to a cipher suite which does not contain deprecated ciphers.

Plugin Details

Severity: Critical

ID: 132675

File Name: ssl_deprecated_ciphers_89.nasl

Version: 1.5

Type: remote

Family: General

Published: 1/6/2020

Updated: 2/3/2021

Dependencies: ssl_supported_ciphers.nasl

Vulnerability Information

Excluded KB Items: global_settings/disable_test_ssl_based_services

Reference Information

IAVA: 0001-A-0635