Change in logic for TLS/SSL Weak Message Authentication Code Cipher Suites

Does anyone know what has been modified in vulnerability “TLS/SSL Weak Message Authentication Code Cipher Suites” which was done on 8th Jan 2024.

We saw lot of instances getting reopened which seems to be FP as there are no SHA1 or MD5 ciphers used on the servers and still vulnerability is getting flagged.

Any insight on this would be appreciated.

We added a number of additional weak ciphers that we look for in that check.

It is worth point out that “MDA5 or SHA1” are merely mentioned as examples of weak ciphers.

An example of one of the weak ciphers added to the check is

There are many more that were added, and looking at the proof text provided should hopefully provide you the information on what cipher is being flagged.


Thanks Kevin, that really helps!

Were the checks of the 2 ciphers removed on Feb 26th? These are no longer appearing on reports. I’m seeing on that vulnerability that it was modified on the 26th.

Ciphersuite Info
Ciphersuite Info

Is there any way to search by a specific proof i.e. a specific cipher?