Rule from ssl under security category
Passmarked is made out of users just like you who helped supply some content. Click below to contribute to this rule. We need you.Add content to this rule
Anonymous ciphers were introduced to be used in scenarios where only opportunistic encryption can be can be created, when no set-up for authentication is in place. One common example of this is emails, the idea was that clients could request a Anonymous cipher and save the server the generation of a SSL handshake.
Moving to HTTP and HTTPS these ciphers are more dangerous than good, and it recommended that they are disabled on the server serving the SSL information.
To fix make sure that the server is not configured to announce and support any Anonymous ciphers.
For a quick start the following can be used:
take of the
!ADH, which have been negated from the chipher list.
Passmarked works best when you have an account. It allows you to keep a dashboard with saved data of the sites you have run through the system, we’ll alert you about important updates and you get access to the Passmarked Slack forum.Sign up to get started