Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm Post: 302979098

Sponsored Content

Operating Systems Solaris Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm Post 302979098 by amity on Tuesday 9th of August 2016 09:32:40 AM

08-09-2016

Registered User

Dear Jim

Thanks for the showing interest in resolving my issue actually I cannot login into this server due to some restriction but I need to provide the solution to disable it. This is recommeded by audit team, please find below link

A Security Vulnerability in Solaris Secure Shell (SSH) May Expose Some Plain Text From Encrypted Traffic

These are related to security issue. I am not able to find anything exactly related to disabling these for Solaris . Further I am able to find out only one solution on IBM/HPE site. I hope these will help you in finding the exact answer from Solaris point of view.

FAQ: How do I disable Cipher Block Chaining (CBC) Mode Ciphers and Weak MAC Algorithms in SSH in IBM PureData System for Operational Analytics - dWAnswers
Solved: Disable CBC mode cipher encryption , MD5 and 96-bi... - Hewlett Packard Enterprise Community

Last edited by amity; 08-09-2016 at 10:41 AM.. Reason: add one more link for better understanding

amity

View Public Profile for amity

Find all posts by amity

7 More Discussions You Might Find Interesting

1. Cybersecurity

MD5 to DES encryption

Is it possible to change the type of encryption from MD5 to DES without removing a user? Way back when this server was created, users were created with the MD5 encryption. Now, all users created with DES encryption. Is it possible to just change the type of password encryption? Users using...

2. AIX

How to disable encryption below 128 bit in Websphere ?

Hi, Hi I have setup Websphere Portal and Apache server on Solaris. The problem is that clients are allowed to negotiate lower encryption levels and by default the Websphere Apache HTTP server accepts 56-bit keys (your Firefox client requested 256-bit AES below). So How to disable...

3. Solaris

md5 encryption on solaris 8

is there patches enable passwords of greater than 8 characters with only md5 encryption (rather than the older crypt) for solaris 8. I am migrating a number of solaris 8 domains to branded zones.

4. Cybersecurity

How to Disable Ciphers and Reconfigure Encryption?

Hello, I recently had a Retina scan of my system and there are some findings I do not understand. SSL Week Cipher Strength Supported - Retina has detected that the targeted SSL Service supports a cryptographically weak cipher strength... Disable ciphers that support less than 128-bit...

5. Cybersecurity

File encryption tools with MAC address as an encryption key

Hi all, I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS. For example: when A wants to send file to B A will encrypt the file with B's computer MAC/IP address as an encryption key This file can only be decrypted...

6. Solaris

Solaris 8 MD5 encryption support

Hi, I did some NIS migration tests recently. The target is to migrate the NIS server from Solaris 8 to Redhat Linux 6.5. And, I found there are encryption issues while Linux NIS using MD5 hashing password for authentication whereas Solaris 8 clients using DES encryption. It causes issues...

7. UNIX for Advanced & Expert Users

Disabling CBC Cipher mode causes login problems

Hi, As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption. To do this, in sshd_config I comment out these lines : Ciphers aes128-cbc,blowfish-cbc,3des-cbc MACS hmac-sha1,hmac-md5 and add...

LEARN ABOUT REDHAT

uri::url

URI::URL(3)						User Contributed Perl Documentation					       URI::URL(3)

NAME

       URI::URL - Uniform Resource Locators

SYNOPSIS

	$u1 = URI::URL->new($str, $base);
	$u2 = $u1->abs;

DESCRIPTION

       This module is provided for backwards compatibility with modules that depend on the interface provided by the "URI::URL" class that used to
       be distributed with the libwww-perl library.

       The following differences compared to the "URI" class interface exist:

       o  The URI::URL module exports the url() function as an alternate constructor interface.

       o  The constructor takes an optional $base argument.  The "URI::URL" class is a subclasses of "URI::WithBase".

       o  The URI::URL->newlocal class method is the same as URI::file->new_abs

       o  URI::URL::strict(1)

       o  $url->print_on method

       o  $url->crack method

       o  $url->full_path; same as ($uri->abs_path || "/")

       o  $url->netloc; same as $uri->authority

       o  $url->epath, $url->equery; same as $uri->path, $uri->query

       o  $url->path and $url->query pass unescaped strings.

       o  $url->path_components; same as $uri->path_segments (if you don't consider path segment parameters).

       o  $url->params and $url->eparams methods.

       o  $url->base method.  See URI::WithBase.

       o  $url->abs and $url->rel have an optional $base argument.  See URI::WithBase.

       o  $url->frag; same as $uri->fragment

       o  $url->keywords; same as $uri->query_keywords;

       o  $url->localpath with friends map to $uri->file

       o  $url->address and $url->encoded822addr; same as $uri->to for mailto URI.

       o  $url->groupart method for news URI.

       o  $url->article; same as $uri->message

SEE ALSO

       URI, URI::WithBase

COPYRIGHT

       Copyright 1998-2000 Gisle Aas.

perl v5.8.0							    2002-05-09							       URI::URL(3)