The Community Forums


SOLVED PCI failed for TLS version 1.0 protocol

Discussion in 'Security' started by linux-tech, Dec 9, 2016.

  1. linux-tech (Member, cPanel Access Level: Root Administrator)

    Hello,

    Today my customer came up with a failed PCI report. I have enclosed a screenshot of it and am pasting the error below.
    Code:
    +++++++++++++
    Port: 2083   Protocol: TCP   Service: www   CVSS: 5.00
    FAIL
    Title: TLS Version 1.0 Protocol Detection (PCI DSS)
    Synopsis:
    The remote service encrypts traffic using a protocol with known weaknesses.
    Impact:
    The remote service accepts connections encrypted using TLS 1.0. This version of TLS is affected by multiple cryptographic flaws. An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients. As per PCI Security Standards Council April 1, 2015 document `Migrating from SSL and Early TLS` all TLS 1.0 encryption usage must include a Mitigation and Migration plan detailing current risk management plus migration strategy off early TLS to secure TLS versions such as TLS 1.1 or 1.2 on or before June 30, 2016. Consult the application's documentation for information on how to upgrade TLS to version 1.1 or greater (TLS 1.2 strongly recommended) or upgrade the application to a version that uses TLS version 1.1 or greater.
    +++++++++
    
    I have checked my cPanel web service configuration and the following is listed.
    Code:
    TLS/SSL Cipher List: ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
    
    TLS/SSL protocol : SSLv23:!SSLv2:!SSLv3
    
    Can somebody let me know what changes I need to make in order to be PCI compliant?

    #1 linux-tech, Dec 9, 2016
    Last edited: Dec 9, 2016
  2. Dave Smith (Active Member, cPanel Access Level: Root Administrator)

    #2 Dave Smith, Dec 9, 2016
    Last edited by a moderator: Dec 12, 2016
  3. linux-tech (Member, cPanel Access Level: Root Administrator)

    Hi Smith,

    Thank you for the update. Here I think the issue is with the cPanel (port 2083) cipher or SSL suite and not with Apache.
     
  4. cPanelMichael (Forums Analyst, Staff Member, cPanel Access Level: Root Administrator)

    Hello,

    You can browse to "WHM Home » Service Configuration » cPanel Web Services Configuration" and append the following entry to the existing "TLS/SSL Protocols" list:

    Code:
    :!TLSv1
    The final entry would look like this if you've made no previous changes:

    Code:
    SSLv23:!SSLv2:!SSLv3:!TLSv1
    You may also find this thread helpful:

    I need to disable TLS v1.0

    Thank you.
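A way to check the protocol string before applying it and to confirm the live service afterwards, as an added example that is not from the thread and not cPanel's own code. It interprets the colon-separated list the way the thread uses it (`SSLv23` enables every version, `!name` removes one); the version list and the token spellings `TLSv1_1` and `TLSv1_2` are assumptions, not taken from the thread. The live probe pins a client to a single TLS version and reports whether the port completes the handshake, which is what the PCI scanner is doing on 2083; the hostname in the usage comment is hypothetical.

```python
"""Evaluate a cPanel-style "TLS/SSL Protocols" string offline, then optionally
probe a live cpsrvd port to confirm which TLS versions it still accepts.
Added example for this thread; not cPanel's own code."""
import socket
import ssl

# Versions the protocol string can switch on or off.  Assumption: this is the
# set and token spelling (TLSv1_1, TLSv1_2) in use when the thread was written;
# SSLv23 is OpenSSL's catch-all meaning "every version".
ALL_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1_1", "TLSv1_2")
EARLY_TLS = {"SSLv2", "SSLv3", "TLSv1"}   # what a PCI DSS scanner flags


def enabled_protocols(protocol_string):
    """Return the set of versions a colon-separated string leaves enabled.

    'SSLv23' enables everything, a bare name enables one version and
    '!name' disables it; later tokens override earlier ones.
    """
    enabled = set()
    for token in protocol_string.split(":"):
        token = token.strip()
        if not token:
            continue
        if token == "SSLv23":
            enabled.update(ALL_PROTOCOLS)
        elif token.startswith("!") and token[1:] in ALL_PROTOCOLS:
            enabled.discard(token[1:])
        elif token in ALL_PROTOCOLS:
            enabled.add(token)
        else:
            raise ValueError("unknown protocol token: %r" % token)
    return enabled


def pci_early_tls_findings(protocol_string):
    """Sorted list of the early SSL/TLS versions the string still allows."""
    return sorted(enabled_protocols(protocol_string) & EARLY_TLS)


# Live check: one handshake per version, client pinned to exactly that version.
PROBES = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1_1": ssl.TLSVersion.TLSv1_1,
    "TLSv1_2": ssl.TLSVersion.TLSv1_2,
}


def server_accepts(host, port, version, timeout=5.0):
    """True if host:port completes a handshake when only `version` is offered.

    Returns False on refusal, on network errors and on a local OpenSSL that
    cannot offer the requested version at all (ValueError), so a 'refused'
    result for TLSv1 should be read alongside an 'accepted' TLSv1_2 result.
    """
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE        # testing protocol support, not the cert
        ctx.minimum_version = PROBES[version]
        ctx.maximum_version = PROBES[version]
        if version != "TLSv1_2":
            # Current OpenSSL refuses TLS 1.0/1.1 at its default security level,
            # so lower it or the probe can never offer the old version.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (ssl.SSLError, OSError, ValueError):
        return False


if __name__ == "__main__":
    import sys
    for s in ("SSLv23:!SSLv2:!SSLv3", "SSLv23:!SSLv2:!SSLv3:!TLSv1"):
        print("%-32s flags: %s" % (s, ", ".join(pci_early_tls_findings(s)) or "none"))
    if len(sys.argv) == 3:      # e.g. python3 tlscheck.py cpanel.example.com 2083
        host, port = sys.argv[1], int(sys.argv[2])
        for name in PROBES:
            state = "accepted" if server_accepts(host, port, name) else "refused"
            print("%-8s %s" % (name, state))
```

Run it with no arguments to see that the original string still leaves TLSv1 enabled while the amended one does not; run it with a host and port after restarting cpsrvd to confirm that TLSv1 is refused and TLSv1_2 is accepted on 2083. The `@SECLEVEL=0` cipher string is needed only on the probing side, because a current OpenSSL will not otherwise offer TLS 1.0 or 1.1 at all and every old version would look "refused" whether or not the server still accepts it.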
     