Security Metrics PCI Compliance Fix: SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

Security Metrics tweaked their scan settings in 2017, and this finding recently came up as a problem.

Problem: SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
The remote service supports the use of 64-bit block ciphers.



First off, run the following command on your server:
nmap --script ssl-enum-ciphers -p 443 SERVER_IP

It will return a list of ciphers. Look to see if you have this in the list:

|       TLS_RSA_WITH_3DES_EDE_CBC_SHA – strong

If you are running Apache, open your vhost file where you have your SSLCipherSuite defined. Remove the line


And restart your Apache server.
Run the command again:
nmap --script ssl-enum-ciphers -p 443 SERVER_IP

And ensure you no longer see the TLS_RSA_WITH_3DES_EDE_CBC_SHA line in the output.

Rerun your Security Metrics scan and you should be okay.
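To make the before/after check repeatable, here is an added example (not from the original post) that filters nmap ssl-enum-ciphers output for cipher suites built on 64-bit block ciphers and fails when any are still offered. It goes beyond the post's single 3DES line: DES, IDEA and RC2 suites are 64-bit block ciphers too and trip the same SWEET32 finding. The sample scan output is constructed, and the nmap command is assumed to be available for live use.

```shell
#!/bin/sh
# Added example, not from the original post: flag TLS cipher suites built on
# 64-bit block ciphers (3DES, DES, IDEA, RC2) in nmap ssl-enum-ciphers output.

# Read nmap output on stdin, print each offending suite once.
find_64bit_suites() {
    grep -oE 'TLS_[A-Z0-9_]*(DES|IDEA|RC2)[A-Z0-9_]*' | sort -u
}

# Read nmap output on stdin; print the count and return 1 if any were found,
# so it can gate a pass/fail check after editing SSLCipherSuite.
check_64bit_suites() {
    n=$(find_64bit_suites | wc -l | tr -d ' ')
    echo "$n"
    [ "$n" -eq 0 ]
}

# Live use (requires nmap; run against your own server as in the post):
#   nmap --script ssl-enum-ciphers -p 443 SERVER_IP | check_64bit_suites
# Apache fix in OpenSSL cipher-string syntax: append !3DES:!DES:!IDEA:!RC2
# to the SSLCipherSuite value, restart Apache, then re-run the check.

# Constructed sample output (not a real scan) for an offline demonstration.
SAMPLE_BEFORE='| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 2048) - C
|_  least strength: C'

SAMPLE_AFTER='| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A'

printf '%s\n' "$SAMPLE_BEFORE" | find_64bit_suites      # lists the two 3DES suites
printf '%s\n' "$SAMPLE_BEFORE" | check_64bit_suites || echo "FAIL: 64-bit block suites still offered"
printf '%s\n' "$SAMPLE_AFTER"  | check_64bit_suites && echo "PASS: none offered"
```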