Unbale to disable weak CBC ciphers and HMAC

Solution In Progress - Updated -

Issue

Per recent vulnerability scan by Nessus, it's been found that an git SSH Server of Business Central has the following vulnerabilities.

1. CBC Mode Ciphers Enabled -

The SSH server is configured to use Cipher Block Chaining.

The following client-to-server Cipher Block Chaining (CBC) algorithms are supported :
aes192-cbc
aes256-cbc
The following server-to-client Cipher Block Chaining (CBC) algorithms are supported :
aes192-cbc
aes256-cbc

2. SSH Weak MAC Algorithms Enabled -

The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.

The following client-to-server Message Authentication Code (MAC) algorithms are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96
The following server-to-client Message Authentication Code (MAC) algorithms are supported :
hmac-md5
hmac-md5-96
hmac-sha1-96

Is there a way to disable these weak ciphers/macs?

Environment

  • Red Hat JBoss BPM suite
  • Red Hat JBoss BRMS
    • 6.4.11 and before
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
    • 7.2.x and before

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In