SSL/TLS Forward Secrecy Cipher Suites Not Supported

Medium Web Application Scanning Plugin ID 98617

Synopsis

SSL/TLS Forward Secrecy Cipher Suites Not Supported

Description

The remote server does not offer any SSL/TLS cipher suites that provide forward secrecy (FS), also known as perfect forward secrecy (PFS). With forward secrecy the session keys are derived from an ephemeral key exchange rather than from the server's long-term key, so a later compromise of the server's private key does not allow previously recorded sessions to be decrypted. Without it, an attacker who records traffic today and obtains the server's private key later can recover the session keys and read that traffic.

Solution

Reconfigure the affected server so that it offers, and preferably prefers, cipher suites that provide forward secrecy: those using ephemeral Elliptic Curve Diffie-Hellman (ECDHE) or ephemeral Diffie-Hellman (DHE) key exchange. Static RSA and static (EC)DH key exchange suites do not provide forward secrecy. TLS 1.3 removed static RSA and static DH key exchange entirely, so enabling TLS 1.3 also satisfies this requirement.
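As an added example (not part of this plugin page or Tenable's scanner code), the following Python script shows the check behind this finding: classify each cipher suite a server offers by its key-exchange algorithm, report whether any ephemeral (EC)DHE suite is present, and validate that an OpenSSL cipher string of the kind used to remediate the finding enables only forward-secrecy suites on the local OpenSSL. The two server suite lists and the cipher string are constructed for illustration and are not taken from the page.

```python
"""Classify TLS cipher suites by key exchange to decide whether a server offers forward secrecy.

Added example; not Tenable's plugin code. Suite names and server lists below are constructed.
"""
import ssl

# Key-exchange tokens that negotiate a fresh ephemeral secret for every session. The
# server's long-term key only signs the handshake and never encrypts or derives session
# keys, so a later private-key compromise cannot decrypt recorded traffic. "EDH" is
# OpenSSL's older spelling of DHE.
EPHEMERAL_KX = {"ECDHE", "DHE", "EDH"}

# Reserved signalling values that appear in suite lists but carry no cipher.
SIGNALLING = {"TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "TLS_FALLBACK_SCSV"}

# OpenSSL cipher string (TLS 1.2 and below) that keeps only authenticated (EC)DHE AEAD
# suites: the shape of a remediated nginx `ssl_ciphers` / Apache `SSLCipherSuite` value.
# TLS 1.3 suites are configured separately and are always ephemeral. (Assumed value.)
FS_ONLY_CIPHER_STRING = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!MD5:!DSS"

# Constructed scanner output: a server offering only static key exchange (the finding on
# this page) and the same server after the fix.
VULNERABLE_SERVER = [
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",   # static ECDH: also no forward secrecy
    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
]
FIXED_SERVER = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
]


def provides_forward_secrecy(suite):
    """True if the suite uses ephemeral (EC)DHE key exchange, False otherwise, None for SCSVs.

    Accepts IANA names (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) and OpenSSL names
    (ECDHE-RSA-AES128-GCM-SHA256). Anonymous suites (ADH, AECDH, DH_anon) are ephemeral
    but unauthenticated and are deliberately not counted as acceptable FS suites; any
    unrecognised prefix is likewise reported as lacking forward secrecy.
    """
    name = suite.strip().upper()
    if name in SIGNALLING:
        return None
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            # TLS 1.3 names (TLS_AES_128_GCM_SHA256, ...) carry no key-exchange part:
            # TLS 1.3 dropped static RSA and static DH, so the handshake is always (EC)DHE.
            return True
        kx = name[len("TLS_"):].split("_WITH_", 1)[0].split("_", 1)[0]
    else:
        # OpenSSL names put the key exchange first; RSA key exchange has no prefix at all
        # (AES128-SHA, DES-CBC3-SHA), so those fall through to False.
        kx = name.split("-", 1)[0]
    return kx in EPHEMERAL_KX


def audit(offered):
    """Split a server's offered suites into FS and non-FS lists; the finding fires when fs is empty."""
    fs, no_fs = [], []
    for suite in offered:
        verdict = provides_forward_secrecy(suite)
        if verdict is None:
            continue
        (fs if verdict else no_fs).append(suite)
    return {"forward_secrecy": bool(fs), "fs": fs, "no_fs": no_fs}


def non_fs_suites_enabled_by(cipher_string):
    """Expand an OpenSSL cipher string with the local OpenSSL and return every suite it
    enables that lacks forward secrecy. An empty list means the string remediates this finding."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers() if provides_forward_secrecy(c["name"]) is False]


if __name__ == "__main__":
    for label, suites in (("vulnerable", VULNERABLE_SERVER), ("fixed", FIXED_SERVER)):
        report = audit(suites)
        print(f"{label}: forward secrecy offered = {report['forward_secrecy']}; "
              f"non-FS suites = {report['no_fs']}")
    print("non-FS suites enabled by fix string:", non_fs_suites_enabled_by(FS_ONLY_CIPHER_STRING))
```

The cipher string is the shape of value that goes into nginx `ssl_ciphers` or Apache `SSLCipherSuite`; after applying it, `audit()` run over the suite list the scanner reports for the server should show `forward_secrecy` as true, and the `no_fs` list shows exactly which static-key suites still need to be removed.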

Plugin Details

Severity: Medium

ID: 98617

Type: remote

Family: SSL/TLS

Published: 2019/06/12

Updated: 2019/06/10

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Reference Information

CWE: 327

WASC: Insufficient Transport Layer Protection

OWASP: 2010-A9, 2013-A6, 2017-A3