My Oracle Support Banner

SL3000 - Reporting Weak Algorithms Supported in ssh, the Remote SSH Server is Configured to Allow Weak Encryption Algorithms or no Algorithm at All (Doc ID 2498960.1)

Last updated on MARCH 13, 2024

Applies to:

Sun StorageTek SL3000 Modular Library System - Version Not Applicable and later
Information in this document applies to any platform.

Symptoms

Reporting weak algorithms supported in ssh.

Security team has scanned our sl3000 and its reporting weak algorithms supported Plugin Output:
"The following weak server-to-client encryption algorithms are supported :

 arcfour
 arcfour128
 arcfour256"
"The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all."

The oracle FE applied the latest code, but the issue still remains. We are seeing 3 different "findings" for this as follows.

- "Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption."
- "Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms."
- "Contact the vendor or consult product documentation to remove the weak ciphers."

The scan reported this..

Plugin Output:
The following client-to-server Cipher Block Chaining (CBC) algorithms are supported :

 3des-cbc
 aes128-cbc
 aes192-cbc
 aes256-cbc
 blowfish-cbc
 cast128-cbc

"Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption."


---------------------------------------------------------------------

Plugin Output:
The following client-to-server Message Authentication Code (MAC) algorithms are supported :

 hmac-md5
 hmac-md5-96
 hmac-sha1-96

Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.


---------------------------------------------------------------------

Plugin Output:
The following weak server-to-client encryption algorithms are supported :

 arcfour
 arcfour128
 arcfour256


"Contact the vendor or consult product documentation to remove the weak ciphers."

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.