PCI Fails SSH weak hashing and key exchange

ehask71

Well-Known Member
Jul 13, 2007
62
5
58
Tampa, Florida, United States
cPanel Access Level
Root Administrator
So one of my customers PCI scans is failing from Trustwave for these 2:

Weak SSH Hashing Algorithms
Weak SSH Key Exchange

None of my other Domains on that server are failing Controlscan PCI scans. The best part is the description "This vulnerability is not recognized by the national vulnerability database". I have tried disputing but they aren't budging.

How do I update the Hashing and Exchange Algo's ..... I messed with it a bit before posting here and all I did was kill ssh lol
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,910
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
Hello Eric,

The following thread includes some examples of cipher and protocol settings utilized by another user for the purpose of passing Trustwave PCI compliance tests:

I need to disable TLS v1.0

Can you let me know if that helps? If not, could you ask Trustwave to provide more specific information about why the server is not passing?

Thank you.
 

ehask71

Well-Known Member
Jul 13, 2007
62
5
58
Tampa, Florida, United States
cPanel Access Level
Root Administrator
I launched a new scan for that customer

Just got a fail from a different provider same server lol. Some of this stuff is just ridiculous now 2083,2087,2096 are considered LLL backdoors...... they really dont want us using CPANEL

upload_2018-8-1_15-58-24.png
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,910
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
Some of this stuff is just ridiculous now 2083,2087,2096 are considered LLL backdoors...... they really dont want us using CPANEL
Hello,

Here's a thread that may help to address that specific report:

SOLVED - PCI Fails - Sweet32 on Ports 2083/2087

If not, can you ask the PCI provider for more specific details about why those ports are failing? It's possible it's a false positive.

Thank you.
 

ehask71

Well-Known Member
Jul 13, 2007
62
5
58
Tampa, Florida, United States
cPanel Access Level
Root Administrator
Last edited by a moderator:
  • Like
Reactions: cPanelMichael