SYSTEM INFORMATION | |
---|---|
RHEL | 7.9 |
Webmin version | 1.991 |
===============================================================
I have this config in /etc/webmin/miniserv.conf
port=10000
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ssl=1
no_ssl2=1
no_ssl3=1
no_tls1=1
no_tls1_1=1
ssl_honorcipherorder=1
no_sslcompression=1
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
listen=10000
denyfile=.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
ipv6=1
session=1
premodules=WebminCore
userfile=/etc/webmin/miniserv.users
keyfile=/etc/webmin/miniserv-202010-xxxxxxxx_key.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
passdelay=1
login_script=/etc/webmin/login.pl
logout_script=/etc/webmin/logout.pl
cipher_list_def=1
failed_script=/etc/webmin/failed.pl
nolog=.xhr.
extracas=
certfile=/etc/webmin/miniserv-202010-star_xxxxxx_com.pem
no_tls1_2=
ssl_redirect=0
logouttimes=
preroot=gray-theme
ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:!RC4:HIGH:-TLSv1:-TLSv1.1:+TLSv1.2:!RC4:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH
twofactor_provider=totp
root=/usr/libexec/webmin
mimetypes=/usr/libexec/webmin/mime.types
server=MiniServ/1.999
Iâm using a Greenbone Security Assistant Vulnerabiltiy scanner.
It is enumerating these âMediumâ ciphers being offered on port 10000 and 20000
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
I donât have any CBC based ciphers specified. I donât know what Iâm doing wrong with my configuration to not have it work for the ciphers I specified.