Deprecated SSL and Weak Ciphers


A vulnerability scan of a Linux server running the LDAP Proxy duoauthproxy will reveal the following vulnerabilities:

SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 protocol and supports one or more ciphers. Those supported ciphers can be found in the ‘SSL/TLS: Report Weak and Supported Ciphers’ (OID: NVT.

SSL/TLS: Report Weak Cipher Suites
’Weak’ cipher suites accepted by this service via the TLSv1.2 protocol:

After checking over the configs and documentation, I am not finding the necessary settings to remove SSLV2/3 nor update the weak ciphers.

Is there and advanced setting or something I am missing?


Hi sd_dbray. At present, there is no option for customers to edit SSL/TLS configuration (both protocol versions and ciphersuites) in the Authentication Proxy.

We do plan to restrict SSL/TLS versions allowed by the proxy, but that is still a work-in-progress.


Thanks for the update, appreciate it.