Get a prompt and clear overview of your security configuration. Right now!
ADH (Anonymous Diffie-Hellman)
The anonymous Diffie-Hellman[404] key exchange[133] is a variant of Diffie-Hellman[99][100][101][102][103] key exchange that does not provide authenticity[75][76][77]. Lack of authentication causes that the identity of server cannot be proved, so connection is open for a man-in-the-middle attack[61].
anon
Lack of authentication is combined with anonymous key exchange[397][398], identity of server cannot be proved, so connection is open for a man-in-the-middle attack[61].
Remove the cipher suite from the list of cipher suites supported by your server.
RC4-40
Encryption algorithm Rivest Cipher 4[370][371][372][373] is a stream cipher[182][183] which is more malleable[134] than a block cipher[78][79][80][81]. It has multiple vulnerabilities[375][376][377][378][379] (eg: related-key attack[68], distinguishing attack[60], ...) and RC4 as a 40-bit encryption key size[122][123] is weakened against brute-force attack[54]. It cannot provide confidentiality[91][92][93], so connection is available or disclosed to unauthorized individuals, entities, or processes.
Remove the cipher suite from the list of cipher suites supported by your server.
40
Any symmetric key[185][186][187] with key size[184] less than 128 bits are disallowed by National Institute of Standards and Technology[470][471] as it is vulnerable to preimage attack[67] in theory. It cannot reliably prove that message came from the stated sender (its authenticity) and has not been changed, so connection is open for a man-in-the-middle attack[61].
Remove the cipher suite from the list of cipher suites supported by your server.
MD5
message authentication code[135][136][137][138] is a hashed message authentication code[139][140][141][142][143][144][145] which is considered secure[456][457], despite the fact that the underlaying cryptographic hash function[94][95][96][97] (MD5[197][198][199]) is considered insecure[200][201] as it vulnerable to collision attack[57] in practice and to preimage attack[67] in theory.
Leading client applications do not use this type of message authentication code[135][136][137][138]. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry. If your application or requirements specifically call for the use of a message authentication code[135][136][137][138] that does not provide authenticated encryption[74] prefer block cipher mode of operation[82][83][84][85][86] (eg: counter with CBC-MAC[32][33][34], Galois/Counter Mode[46][47][48][49] or message authentication code[135][136][137][138] (eg: Poly1305[458][459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code[139][140][141][142][143][144][145] prefer message authentication code[135][136][137][138] based on Secure Hash Algorithm 2[212][213][214] over the ones based on MD5[197][198][199].