Sanjith Abraham1709159567 Posted January 4 Share Posted January 4 hi All , Does anyone know how to disable old SHA-1 algorithm that SSH uses on netscaler SDX/SVM ? following algorithms are tagged as vulnerable on qualys scan QID38909(Qualys) hmac-sha1 <<--- OLD hmac-sha1-96 <<--- OLD hmac-sha1-etm@openssh.com <<--- OLD hmac-sha1-96-etm@openssh.com <<--- OLD bash-3.2# ssh -Q mac hmac-sha1 <<--- OLD hmac-sha1-96 <<--- OLD hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 umac-64@openssh.com umac-128@openssh.com hmac-sha1-etm@openssh.com <<--- OLD hmac-sha1-96-etm@openssh.com <<--- OLD hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com bash-3.2# Link to comment Share on other sites More sharing options...
Chad Buser Posted January 9 Share Posted January 9 See if this applies to you... https://support.citrix.com/article/CTX209398/addressing-false-positives-from-cbc-and-mac-vulnerability-scans-of-netscaler-sshd Chad Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now