PCI Compliance with SecurityMetrics - Weak Ciphers

Discussion in 'Security' started by electron33, May 14, 2012.

  1. electron33


    I've been having a hard time passing a SecurityMetrics scan.
    The problem seems to be related to ports 443 and port 465 supporting weak ciphers.

    I have followed all the recommendations to disable SSLv2 and low and medium ciphers for Exim and OpenSSL.

    However, securitymetrics techs just emailed me the following:

    Any idea please!
    Here is the list of SSL ciphers supported by the remote server Host

    Low Strength Ciphers (< 56-bit key)
    EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
    EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
    EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

    High Strength Ciphers (>= 112-bit key)
    EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
    DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
    DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
    DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
    AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
    AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

    Once these ciphers have been disabled a new scan should be run to remove the issues.

    Here's what I got from my server:
    root@dipel [/home/user]# openssl ciphers
    #1 electron33, May 14, 2012
    Last edited: May 14, 2012
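
Added example, not part of the original post: a small Python parser for cipher lines in the format the scan report above uses (the same fields `openssl ciphers -v` prints), which lists every cipher that falls outside the report's "High Strength" bucket. The "low" (< 56-bit or export) and "high" (>= 112-bit) thresholds come from the report headings; treating everything in between as "medium" is an assumption, and the function names and the `DES-CBC-SHA` sample line are constructed for illustration.

```python
import re

# Constructed sample: headings and lines taken from the report quoted above,
# plus one constructed line in `openssl ciphers -v` style (with protocol column).
REPORT = """\
Low Strength Ciphers (< 56-bit key)
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
High Strength Ciphers (>= 112-bit key)
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
"""

# name [protocol] Kx=alg[(bits)] Au=alg Enc=alg[(bits)] Mac=alg [export]
LINE = re.compile(
    r"^(?P<name>\S+)\s+(?:\S+\s+)?"
    r"Kx=(?P<kx>[^(\s]+)(?:\((?P<kxbits>\d+)\))?\s+"
    r"Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^(\s]+)(?:\((?P<bits>\d+)\))?\s+"
    r"Mac=(?P<mac>\S+)(?P<export>\s+export)?\s*$"
)

def parse(report):
    """Yield one dict per cipher line; headings and blank lines are skipped."""
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield {
                "name": m["name"],
                "kx_bits": int(m["kxbits"]) if m["kxbits"] else None,
                "enc": m["enc"],
                "bits": int(m["bits"] or 0),  # Enc=None carries no bit count
                "export": bool(m["export"]),
            }

def strength(cipher):
    """Bucket a parsed cipher by symmetric key size and export flag."""
    if cipher["export"] or cipher["bits"] < 56:
        return "low"
    if cipher["bits"] < 112:  # assumed "medium" band between the two headings
        return "medium"
    return "high"

def failing(report):
    """Map cipher name -> bucket for every cipher that is not 'high'."""
    return {c["name"]: strength(c) for c in parse(report) if strength(c) != "high"}

if __name__ == "__main__":
    for name, bucket in failing(REPORT).items():
        print(f"{bucket:6} {name}")
```

Running it over the listing a scanner returns for each port (443 and 465 in this thread) shows which service still offers the export suites.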
