Werk #15070: Drop support for weak DH ciphers

Component User interface
Title Drop support for weak DH ciphers
Date 30.03.2023
Level Trivial change
Class Security fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.3.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0b3 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p26 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

With this Werk, two TLS ciphers are disabled in the stunnel configuration. stunnel is used when the Encrypt communication option is enabled in Enable Livestatus access via network (TCP) or Notification Spooler Configuration.

To our knowledge, no attacks on these ciphers are known; this is a hardening measure.

We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). This CVSS is primarily meant to please automatic scanners.
