
PCI Compliance with SecurityMetrics - Weak Ciphers

Discussion in 'Security' started by electron33, May 14, 2012.

    electron33 Well-Known Member

    Hi,

    I've been having a hard time passing a SecurityMetrics scan.
    The problem seems to be related to port 443 and port 465 supporting weak ciphers.

    I have followed all the recommendations to disable SSLv2 and low and medium ciphers for Exim and OpenSSL.

    However, securitymetrics techs just emailed me the following:

    Any idea please!
    ----------------------------------------------------------------------------------------
    Here is the list of SSL ciphers supported by the remote server Host

    Low Strength Ciphers (< 56-bit key)
    TLSv1
    EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
    EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
    EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
    EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

    High Strength Ciphers (>= 112-bit key)
    TLSv1
    EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
    DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
    DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
    DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
    AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
    AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
    ==========================================================================
    Once these ciphers have been disabled a new scan should be run to remove the issues.
    --------------------------------------------------------------------------------------------------------------



    Here's what I got from my server:
    root@dipel [/home/user]# openssl ciphers
    DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5
    #1 electron33, May 14, 2012
    Last edited: May 14, 2012
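As an added example (not the poster's code, nor anything from cPanel or SecurityMetrics), the script below parses a report in the format quoted above, flags the export-grade suites by their key sizes, checks whether they still appear in a colon-separated `openssl ciphers` list like the one pasted in the post, and emits the `!NAME` exclusions to append to the server's cipher string. Both the report excerpt and the server list are constructed samples; keep in mind that `openssl ciphers` run with no argument prints what the library can negotiate, not the suite Apache or Exim is actually configured to offer.

```python
import re

# Constructed sample in the format of the scanner report quoted in the post
SCAN_REPORT = """\
Low Strength Ciphers (< 56-bit key)
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
High Strength Ciphers (>= 112-bit key)
TLSv1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
"""

# Constructed: a colon-separated list as printed by `openssl ciphers`
SERVER_LIST = "AES256-SHA:DES-CBC3-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5"

# One cipher line: NAME Kx=... Au=... Enc=ALG(bits) Mac=...
CIPHER_LINE = re.compile(r"^(\S+)\s+Kx=(\S+)\s+Au=\S+\s+Enc=([A-Z0-9]+)\((\d+)\)")

def parse_scan(report):
    """Map cipher name -> (key exchange, symmetric algorithm, symmetric key bits)."""
    found = {}
    for line in report.splitlines():
        m = CIPHER_LINE.match(line.strip())
        if m:
            name, kx, alg, bits = m.groups()
            found[name] = (kx, alg, int(bits))
    return found

def weak_ciphers(entries, min_bits=112):
    """Names whose symmetric key is below min_bits or whose key exchange is 512-bit export."""
    return sorted(name for name, (kx, _alg, bits) in entries.items()
                  if bits < min_bits or "(512)" in kx)

def still_offered(openssl_list, weak):
    """Flagged names that still appear in a colon-separated openssl cipher list."""
    return sorted(set(weak) & set(openssl_list.split(":")))

def exclusion_string(weak):
    """Suffix that removes each flagged suite by name, e.g. for Apache's SSLCipherSuite."""
    return ":".join("!" + name for name in weak)

if __name__ == "__main__":
    entries = parse_scan(SCAN_REPORT)
    weak = weak_ciphers(entries)
    print("flagged by scanner:", weak)
    print("still in server list:", still_offered(SERVER_LIST, weak))
    print("append to cipher string:", exclusion_string(weak))
```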