Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PCI Complianc with SecurityMetrics - Weak Ciphers

Discussion in 'Security' started by electron33, May 14, 2012.

  1. electron33

    electron33 Well-Known Member

    Feb 24, 2004
    Likes Received:
    Trophy Points:

    I'm been having a hard time with passing a securitymetics scan.
    The problem seems to be related to ports 443 and port 465 supporting weak ciphers.

    I have followed all the recommendations to disable ss2 and low and medium ciphers for exim and openSSL.

    However, securitymetrics techs just emailed me the following:

    Any idea please!
    Here is the list of SSL ciphers supported by the remote server Host

    Low Strength Ciphers (< 56-bit key)
    EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
    EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
    EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

    High Strength Ciphers (>= 112-bit key)
    EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
    DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
    DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
    DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
    AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
    AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
    Once these ciphers have been disabled a new scan should be ran to remove the issues.

    Here's what I got from my server:
    root@dipel [/home/user]# openssl ciphers
    #1 electron33, May 14, 2012
    Last edited: May 14, 2012

Share This Page