SSL CIPHER too weak

[konvergence]

Hi Mike,

I tested the supported cipher by openvas, but these ciphers are too weak.
Do you plan to allow more secure cipher list ?

Here the current list of acceptable ciphers on openvas :

Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...YES
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA...YES
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA256...YES
Testing AES128-SHA...YES
Testing CAMELLIA128-SHA...YES
Testing DES-CBC3-SHA...YES

[mikesplain]

Hi @konvergence please take a look at this PR and see if it addresses your issue: #156

This was just merged in and is in the process of being built and deployed.

[konvergence]

Hi Mike,

I get well the new restricted ciphers :

Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...YES
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA...YES
Testing AES128-GCM-SHA256...YES

But regarding to https://www.ssllabs.com/ssltest/analyze.html, it's steell to weak

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK | 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK | 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK | 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)   WEAK | 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK | 128

Is it possible to allow the same ciphers with ECDHE or DHE mode ? for example :

ECDHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
ECDHE-RSA-AES256-SHA
DHE-RSA-AES128-GCM-SHA256 

[konvergence]

sorry I did'nt want to close