Server has Anonymous ciphers enabled

Rule from ssl under security category


Anonymous ciphers were introduced for scenarios where only opportunistic encryption is possible because no set-up for authentication is in place. One common example is email: the idea was that clients could request an anonymous cipher and save the server the generation of an SSL handshake.

Moving to HTTP and HTTPS, these ciphers do more harm than good: because the server is never authenticated, a client cannot tell the real server from a man-in-the-middle. It is recommended that they are disabled on the server serving the SSL information.

How do I fix this?

To fix this, make sure that the server is not configured to announce or support any anonymous ciphers.

For a quick start the following can be used:

ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL

Take note of the !aNULL, !kEDH and !ADH entries, which have been negated from the cipher list.
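To confirm the result, the following added example (not part of the original page) flags anonymous suites, shown as Au=None, in the output of openssl ciphers -v and reports how a cipher string treats the aNULL, ADH and AECDH aliases. The function names and the sample listing are constructed for illustration.

```python
import re

# OpenSSL cipher-string aliases that select suites with no authentication.
ANON_ALIASES = {"aNULL", "ADH", "AECDH"}
OPERATORS = {"!": "excluded", "-": "removed", "": "enabled"}

# Constructed sample, in the column layout of `openssl ciphers -v '<string>'`.
SAMPLE_LISTING = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
ADH-AES256-SHA              SSLv3   Kx=DH   Au=None Enc=AES(256)    Mac=SHA1
AECDH-AES128-SHA            TLSv1   Kx=ECDH Au=None Enc=AES(128)    Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA  Enc=AES(128)    Mac=SHA1
"""

def parse_listing(text):
    """Return one dict per suite: name, protocol and the Kx/Au/Enc/Mac fields."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # blank or malformed line
        suite = {"name": fields[0], "protocol": fields[1]}
        for field in fields[2:]:
            key, sep, value = field.partition("=")
            if sep:
                suite[key.lower()] = value
        suites.append(suite)
    return suites

def anonymous_suites(text):
    """Names of the suites in which the server is not authenticated."""
    return [s["name"] for s in parse_listing(text) if s.get("au") == "None"]

def audit_cipher_string(cipher_string):
    """Sort anonymous aliases by operator: '!' excludes for good, '-' removes
    but a later token can re-add, no operator enables. '+' only reorders."""
    report = {"excluded": [], "removed": [], "enabled": []}
    for token in filter(None, re.split(r"[:, ]+", cipher_string)):
        op = token[0] if token[0] in "!-+" else ""
        name = token[len(op):]
        if name in ANON_ALIASES and op in OPERATORS:
            report[OPERATORS[op]].append(name)
    return report

if __name__ == "__main__":
    print(anonymous_suites(SAMPLE_LISTING))
    print(audit_cipher_string(
        "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL"))
```

On a real server, feed anonymous_suites the output of openssl ciphers -v run against the configured string; an empty result means no anonymous suite is offered by that string.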
