Unbale to disable weak CBC ciphers and HMAC

Solution In Progress - Updated -

Issue

Per recent vulnerability scan by Nessus, it's been found that an git SSH Server of Business Central has the following vulnerabilities.

1. CBC Mode Ciphers Enabled -

The SSH server is configured to use Cipher Block Chaining.

The following client-to-server Cipher Block Chaining (CBC) algorithms are supported :
aes192-cbc
aes256-cbc
The following server-to-client Cipher Block Chaining (CBC) algorithms are supported :
aes192-cbc
aes256-cbc

2. SSH Weak MAC Algorithms Enabled -

The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.

The following client-to-server Message Authentication Code (MAC) algorithms are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96
The following server-to-client Message Authentication Code (MAC) algorithms are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96

Is there a way to disable these weak ciphers/macs?

Environment

  • Red Hat JBoss BPM suite
  • Red Hat JBoss BRMS
    • 6.4.11 and before
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
    • 7.2.x and before

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content