We have CIMC reporting to our Tenable scanner that it is vulnerable to the Terrapin vulnerability. See below:
./Terrapin-Scanner Report
Remote Banner: SSH-2.0-OpenSSH_8.8 PKIX[13.2.3]
- ChaCha20-Poly1305 support: true
- CBC-EtM support: false
- Strict key exchange support: false
- The scanned peer is VULNERABLE to Terrapin.
I am trying to understand how to view/change the ciphers we are using so they are not vulnerable any longer. Here is what I am seeing as currently enabled.
servername /cimc/tls-config # show detail
TLS Configuration:
TLS Static Cipher Enabled: NA
Configured TLS Version: TLSv1.2, TLSv1.3
TLS Version 1.2 Enabled: yes
TLS Version 1.2 Cipher Mode: High
TLS Version 1.2 Cipher List: ALL:!DH:!EDH:!ADH:!EXP:!EXPORT40:!EXPORT56:!LOW:!MEDIUM:!RC4:!3DES:!SSLv2:!eNULL:!aNULL:!PSK:!SRP:!RSA:+HIGH
TLS Version 1.2 Custom Status: NA
TLS Version 1.3 Cipher Suite: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
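
The three properties in the scanner report above are read from the algorithm name-lists an SSH server advertises in its SSH_MSG_KEXINIT message. The following is an added example, not part of the original post and not the scanner's own code: it parses such a payload and evaluates the same three properties. The sample payloads are constructed, and the function names and the `-cbc` / `-etm@openssh.com` suffix matching are assumptions of this sketch.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")  # RFC 4253 section 7.1 order

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into its ten algorithm name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated inside " + field)
        raw = payload[off:off + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        off += n
    return lists

def terrapin_report(srv: dict) -> dict:
    """Evaluate the three properties shown in the scanner report."""
    chacha = any("chacha20-poly1305@openssh.com" in srv[d] for d in ("enc_c2s", "enc_s2c"))
    # CBC cipher plus Encrypt-then-MAC in the same direction (suffix match is an assumption).
    cbc_etm = any(
        any(c.endswith("-cbc") for c in srv[enc])
        and any(m.endswith("-etm@openssh.com") for m in srv[mac])
        for enc, mac in (("enc_c2s", "mac_c2s"), ("enc_s2c", "mac_s2c")))
    strict = "kex-strict-s-v00@openssh.com" in srv["kex"]  # server-side strict-KEX marker
    return {"chacha20_poly1305": chacha, "cbc_etm": cbc_etm, "strict_kex": strict,
            "vulnerable": (chacha or cbc_etm) and not strict}

def build_kexinit(**lists) -> bytes:  # sample builder; unspecified name-lists stay empty
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(names)) + names
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed samples, not captured from any device.
COMMON = dict(kex=["curve25519-sha256"], mac_c2s=["hmac-sha2-256-etm@openssh.com"],
              mac_s2c=["hmac-sha2-256-etm@openssh.com"])
WITH_CHACHA = ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"]
WITHOUT_CHACHA = ["aes256-gcm@openssh.com", "aes256-ctr"]
AS_REPORTED = build_kexinit(enc_c2s=WITH_CHACHA, enc_s2c=WITH_CHACHA, **COMMON)
CIPHER_REMOVED = build_kexinit(enc_c2s=WITHOUT_CHACHA, enc_s2c=WITHOUT_CHACHA, **COMMON)
```

Strict key exchange only protects a connection when the client also advertises its own marker (`kex-strict-c-v00@openssh.com`). The TLS cipher settings listed under `/cimc/tls-config` are not part of these SSH name-lists.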