Disable Weak RC4 Ciphers PCI Compliance Q2 of 2019

BubbaTrading

Member
Jun 5, 2019
6
0
1
United States
cPanel Access Level
Root Administrator
Twitter
Hola, I am at my wits end with attempting to obtain compliance for a new PCI vulnerability flagged here in the second calendar quarter of 2019. Specifically this time around, our Payment Processor is demanding we disable "SSL/TLS use of Weak RC4 (Arcfour) Ciphers.

However, I have added :!RC4 to every cipher string tweak entry point within WHM known to me:
  • Apache Configuration Config
  • cPanel Web Disk Config
  • cPanel Web Services Config
  • Exim Config
  • FTP Server Config
  • Mailserver Config

However still the PCI Flag appears for ports 25, 26, 465, and 587 as still making use of RC4.

Am I missing a cipher configuration location? Thank you.

- Allison
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hi @BubbaTrading

Can you please open a ticket using the link in my signature, it sounds like you have covered all the bases but a look at the system may be warranted? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston