Recent

Author Topic: synapse openssl limited cipher list  (Read 2034 times)

smancini

  • Newbie
  • Posts: 2
synapse openssl limited cipher list
« on: January 31, 2018, 02:46:56 pm »
Hi All,

I am using Synapse (SSL/TLS Plugin Architecture) in my project and currently i have enable the possibility to set the cipher list and seems that work fine, i am able to filter using different rules there... the point is the following:

If i run by command line: openssl ciphers -v 'ALL:eNULL'
I see a huge cipher suite supported by openssl

but setting the same using the synapse plugin ('ALL:eNULL'), running my server and checking with nmap the list of ciphers i have available the list is too short.

nmap --script ssl-enum-ciphers -p 6000 127.0.0.1

Starting Nmap 7.01 ( https://nmap.org ) at 2018-01-24 12:21 -03
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00017s latency).
PORT     STATE SERVICE
6000/tcp open  X11
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - A
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Ciphersuite uses MD5 for message integrity
|       Weak cipher RC4 in TLSv1.1 or newer not needed for BEAST mitigation
|_  least strength: C

Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

make me believe that there is some setting or limitation over there that i cannot see the full cipher suite supported by openssl.

Any of you have more information about it? I was searching in the web and could not find enough information to understand what is going on.

Any help would be appreciated.

Regards

Sebastian

 

TinyPortal © 2005-2018