We have the community version of Eramba installed using Docker. Our vulnerability scanner reported some insecure cipher suites such as the below on port 8443:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CCM
TLS_RSA_WITH_AES_256_CCM_8
Where do we go to remove these cipher suites? Thanks.
Following. We have the same issue and a security and compliance review due shortly where this will be highlighted. The irony of our GRC solution using insecure ciphers has been noted. It would be nice to demonstrate how quickly our GRC solution provider responds to compliance issues with their own software…