SOLVED How to disable LUCKY13 (CVE-2013-0169) PureFTP

JIKOmetrix

JIKOmetrix

Well-Known Member
Apr 3, 2007
255
51
178
Hello,

My Merchant provider did a PCI scan and I was asked to fix a few things.

During my testing before rescanning for PCI comp I saw mention of:

LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches​

I was testing with testssl.sh

./testssl.sh --starttls ftp 144.xxx.zzz.xxx:21

How do I disable the LUCKY13 cipher in PureFTP?

Is it as simple as adding !LUCKY13 to the cipher list?

I currently have the cipher suite set as "HIGH:+TLSv1:!SSLv2:+SSLv3:!aNULL:!eNULL"

Thanks,
Mike
 
Last edited by a moderator:
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
U How to access WHM panel with Disabled root user Security 5
B AutoSSL / Wildcard / Error? / Can't Disable Request? Security 16
B How to disable annoying Imunify::Generic emails in WHM 108? Security 9
L how to disable Diffie-Hellman Security 5
S Disabled shell vs Jailed Shell with mod_ruid2 Security 4
Similar threads
How to access WHM panel with Disabled root user
AutoSSL / Wildcard / Error? / Can't Disable Request?
How to disable annoying Imunify::Generic emails in WHM 108?
how to disable Diffie-Hellman
Disabled shell vs Jailed Shell with mod_ruid2
Top Bottom