In our web scans, we are seeing weak ciphers-enabled vulnerability.

*example:*

Netsparker Enterprise detected that weak ciphers are enabled during secure communication (SSL). You should allow only strong ciphers on your webserver to protect secure communication with your visitors.

List of Supported Weak Ciphers

- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B)
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)
I tried the remediation suggested in the following link and updated the java.security file as below, but no luck. The vulnerability keeps appearing. Am I missing anything?

https://support.cloudbees.com/hc/en-us/articles/216526298-Disabling-Specific-Ciphers-In-Jenkins

    jdk.tls.disabledAlgorithms=MD5,SSLv3,DSA, DESede,DES,3DES, RSA keySize < 2048, CBC, TLSv1, TLSv1.1, RC4,DES-CBC3-SHA keySize <256, 3DES_EDE_CBC,RC4,,MD5withRSA, DH keySize < 1024, \
        EC keySize < 224, anon, NULL, \

- Windows -2012R2 server
- Jdk1.8.0_281
- Jenkins url: https:<hostname>:8443
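A diagnostic for the situation described in the post, added here as an example and not part of the original message or of Jenkins: it prints which `java.security` file the running JVM would read, the `jdk.tls.disabledAlgorithms` value it actually loaded, and which of the four flagged suites a server-side TLS engine in that JVM still enables by default. The class name `CipherCheck` is an assumption, and the result only reflects JVM defaults, not any cipher settings applied by the web container itself.

```java
import java.io.File;
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example (hypothetical class name); compile and run with the JVM under test.
public class CipherCheck {
    // The four suites listed in the scanner finding quoted in the post.
    static final List<String> FLAGGED = Arrays.asList(
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");

    public static void main(String[] args) throws Exception {
        String home = System.getProperty("java.home");
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + home);

        // Java 8 keeps the file under lib/security, Java 9+ under conf/security.
        for (String rel : new String[] {"lib/security/java.security",
                                        "conf/security/java.security"}) {
            File f = new File(home, rel);
            System.out.println((f.isFile() ? "found   " : "absent  ") + f.getPath());
        }

        // The value this JVM loaded, which may differ from the file that was edited.
        System.out.println("jdk.tls.disabledAlgorithms = "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));

        // Server-mode engine: the suites a TLS listener in this JVM enables by default.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        Set<String> enabled = new HashSet<>(Arrays.asList(engine.getEnabledCipherSuites()));

        int stillEnabled = 0;
        for (String suite : FLAGGED) {
            boolean on = enabled.contains(suite);
            if (on) stillEnabled++;
            System.out.println((on ? "ENABLED   " : "disabled  ") + suite);
        }
        System.out.println(stillEnabled + " of " + FLAGGED.size()
            + " flagged suites are enabled by default in this JVM");
    }
}
```

Run it with the same `java` binary that launches Jenkins, since a second JDK or JRE on the host has its own `java.security` file.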