Disable Weak RC4 Ciphers PCI Compliance Q2 of 2019

[BubbaTrading]

Hola, I am at my wits end with attempting to obtain compliance for a new PCI vulnerability flagged here in the second calendar quarter of 2019. Specifically this time around, our Payment Processor is demanding we disable "SSL/TLS use of Weak RC4 (Arcfour) Ciphers.

However, I have added :!RC4 to every cipher string tweak entry point within WHM known to me:

• Apache Configuration Config
• cPanel Web Disk Config
• cPanel Web Services Config
• Exim Config
• FTP Server Config
• Mailserver Config

However still the PCI Flag appears for ports 25, 26, 465, and 587 as still making use of RC4.

Am I missing a cipher configuration location? Thank you.

- Allison

 

[cPanelLauren]

Hi @BubbaTrading

Can you please open a ticket using the link in my signature, it sounds like you have covered all the bases but a look at the system may be warranted? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

[BubbaTrading]

Hello, thank you for your reply. We were required to disable all ssh into the server to achieve PCI compliance. As such can a support ticket be created to require login to WHM GUI?

 

[cPanelLauren]

In order to provide support through a ticket we'd need root access to the server. Rejecting SSH access isn't typically a PCI Compliance standard though hardening it is Access using SSH keys & PCI DSS compliance | SSH.COM