PCI compliance port 443

Discussion in 'Security' started by JamesAB, Nov 25, 2014.

  1. JamesAB (Active Member, New Hampshire)

    My last PCI scan reported "SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability".

    Here's the full text:
    I checked my settings in Home » Service Configuration » Apache Configuration » Global Configuration.
    SSL Cipher Suite is set to cPanel's PCI recommended value:
    Code:
    ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH
    SSL/TLS Cipher Suite is set to
    Code:
    All -SSLv2 -SSLv3
    I found this old thread where the solution was listed as changing SSL Cipher Suite to
    Code:
    RC4-SHA:HIGH:!ADH:!AES256-SHA:!ECDHE-RSA-AES256-SHA384:!AES128-SHA:!DES-CBC3-SHA:!DES-CBC3-MD5:!IDEA-CBC-SHA:!RC4-MD5:!IDEA-CBC-MD5:!RC2-CBC-MD5:!MD5:!aNULL:!EDH:!AESGCM
    Is this still considered a valid and best solution? Are there any other settings I need to look at as well?

    I also followed the Troubleshooting PCI Compliance guide here and found there was only one global SSLCipherSuite entry, so I don't think that is the issue.

    Any help would be greatly appreciated.

    Thanks,
    James
     
  2. cPanelMichael (Forums Analyst, Staff Member, cPanel Access Level: Root Administrator)

  3. LostNerd (Well-Known Member, Hastings, East Sussex, UK, cPanel Access Level: Root Administrator)

  4. Solokron (Well-Known Member, Seattle, cPanel Access Level: DataCenter Provider)

    We are running into this issue as well. Everything is clear but BEAST in our PCI scan. JamesAB, did that ultimately do the trick, or did you have to use a different method?
     
  5. Solokron (Well-Known Member, Seattle, cPanel Access Level: DataCenter Provider)

    Those cipher changes are not making a difference unfortunately as we are still triggering it.
     
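The cipher strings quoted in the first post and the "cipher changes are not making a difference" report in the last one have a common explanation: the scan item is the BEAST finding, which is about CBC-mode suites negotiated over SSLv3/TLS 1.0 (TLS 1.1 and later use explicit per-record IVs and are not affected), and every one of the quoted strings still keeps CBC suites via `ALL` or `HIGH`. The script below is an added example, not code from the thread or from cPanel: `parse_ssl_protocol` applies Apache's `SSLProtocol` keyword rules to the quoted `All -SSLv2 -SSLv3` value (reading that value as an `SSLProtocol` setting is an assumption), `expand_ciphers` asks the local OpenSSL, through Python's `ssl` module, which suites a cipher string selects (so the result reflects the machine it runs on, not a 2014 server), and `beast_exposed` lists the CBC suites that remain reachable while TLS 1.0 is enabled. `SAMPLE_SUITES` is a constructed list in the shape `ssl.SSLContext.get_ciphers()` returns, so the classification can be checked without depending on the local OpenSSL build.

```python
import ssl

# Cipher strings copied from the first post in the thread.
CPANEL_PCI_CIPHERS = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"
OLD_THREAD_CIPHERS = ("RC4-SHA:HIGH:!ADH:!AES256-SHA:!ECDHE-RSA-AES256-SHA384:"
                      "!AES128-SHA:!DES-CBC3-SHA:!DES-CBC3-MD5:!IDEA-CBC-SHA:"
                      "!RC4-MD5:!IDEA-CBC-MD5:!RC2-CBC-MD5:!MD5:!aNULL:!EDH:!AESGCM")
# The protocol value quoted in the first post, read here (assumption) as an
# Apache SSLProtocol setting.
PROTOCOL_SETTING = "All -SSLv2 -SSLv3"

# Assumption: 'all' is modelled as including SSLv2, which matches the explicit
# '-SSLv2' in the quoted setting (Apache 2.4 dropped SSLv2 support entirely).
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
_CANONICAL = {p.lower(): p for p in ALL_PROTOCOLS}


def parse_ssl_protocol(value):
    """Apply SSLProtocol keyword semantics: a bare keyword replaces the current
    set, '+keyword' adds, '-keyword' removes; keywords are case-insensitive."""
    enabled = set()
    for word in value.split():
        action, name = "=", word
        if word[0] in "+-":
            action, name = word[0], word[1:]
        if name.lower() == "all":
            chosen = set(ALL_PROTOCOLS)
        elif name.lower() in _CANONICAL:
            chosen = {_CANONICAL[name.lower()]}
        else:
            raise ValueError(f"unknown SSLProtocol keyword: {word}")
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            enabled = chosen
    return enabled


def expand_ciphers(cipher_string):
    """Expand an OpenSSL cipher string with the local OpenSSL and return the
    per-suite dicts from SSLContext.get_ciphers() (name, protocol, symmetric...)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()


def beast_exposed(suites, protocols):
    """Names of CBC-mode suites a scanner can still exercise over SSLv3/TLS 1.0.

    A suite's 'protocol' field is the lowest version it can be used with, so
    TLSv1.2-only suites are never reachable on a TLS 1.0 connection, and
    stream/AEAD suites (rc4, gcm, chacha20) are not CBC at all."""
    if not protocols & {"SSLv3", "TLSv1"}:
        return []          # no BEAST-era protocol is offered at all
    return [s["name"] for s in suites
            if s["protocol"] in ("SSLv3", "TLSv1")
            and "cbc" in (s.get("symmetric") or "")]


# Constructed sample in the shape get_ciphers() returns (keys trimmed to those used).
SAMPLE_SUITES = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "symmetric": "aes-256-gcm"},
    {"name": "ECDHE-RSA-AES256-SHA", "protocol": "TLSv1", "symmetric": "aes-256-cbc"},
    {"name": "AES128-SHA", "protocol": "SSLv3", "symmetric": "aes-128-cbc"},
    {"name": "RC4-SHA", "protocol": "SSLv3", "symmetric": "rc4"},
    {"name": "AES128-SHA256", "protocol": "TLSv1.2", "symmetric": "aes-128-cbc"},
]


def report(cipher_string, protocol_setting):
    """Combine the two settings the way mod_ssl effectively does."""
    return beast_exposed(expand_ciphers(cipher_string), parse_ssl_protocol(protocol_setting))


if __name__ == "__main__":
    print("sample, TLSv1 on :", beast_exposed(SAMPLE_SUITES, parse_ssl_protocol(PROTOCOL_SETTING)))
    print("sample, TLSv1 off:", beast_exposed(SAMPLE_SUITES, parse_ssl_protocol(PROTOCOL_SETTING + " -TLSv1")))
    for label, ciphers in (("cPanel PCI", CPANEL_PCI_CIPHERS), ("old thread", OLD_THREAD_CIPHERS)):
        for setting in (PROTOCOL_SETTING, PROTOCOL_SETTING + " -TLSv1"):
            flagged = report(ciphers, setting)
            print(f"{label:10s} | SSLProtocol {setting!r}: {len(flagged)} CBC suite(s) reachable over TLS 1.0")
```

Run against the local OpenSSL, both quoted cipher strings still select CBC suites (the old-thread string removes AES128-SHA and AES256-SHA by name, but `HIGH` keeps the other AES-CBC and ECDHE-CBC suites), so with `TLSv1` left enabled a scanner that probes CBC over TLS 1.0 keeps reporting the item, which is what the last post observes. The list only goes empty once `SSLProtocol` drops `TLSv1` (and `SSLv3`); the 2014-era alternative of preferring RC4 is not a fix to reach for today, since RC4 is broken in its own right.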