Change in logic for TLS/SSL Weak Message Authentication Code Cipher Suites

Does anyone know what has been modified in vulnerability “TLS/SSL Weak Message Authentication Code Cipher Suites” which was done on 8th Jan 2024.

We saw lot of instances getting reopened which seems to be FP as there are no SHA1 or MD5 ciphers used on the servers and still vulnerability is getting flagged.

Any insight on this would be appreciated.

We added a number of additional weak ciphers that we look for in that check.

It is worth point out that “MDA5 or SHA1” are merely mentioned as examples of weak ciphers.

An example of one of the weak ciphers added to the check is https://ciphersuite.info/cs/TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384/

There are many more that were added, and looking at the proof text provided should hopefully provide you the information on what cipher is being flagged.

2 Likes

Thanks Kevin, that really helps!