Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Proftp & TLS 1.0 PCI Compliance

Discussion in 'Security' started by ehask71, Dec 19, 2017.

Tags:
  1. ehask71

    ehask71 Well-Known Member

    Joined:
    Jul 13, 2007
    Messages:
    48
    Likes Received:
    3
    Trophy Points:
    58
    Location:
    Tampa, Florida, United States
    cPanel Access Level:
    Root Administrator
    I am going crazy 40 days ago my server was PCI compliant ..... now I brought on a new customer and the PCI scanner is flagging for port 21 TLS 1.0

    Anyone have a fix for it?

    ProFTP

    Ciphers: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

    What should the protocols be?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,396
    Likes Received:
    1,605
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Here's the default cipher list we provide for ProFTPd as of cPanel version 68:

    Code:
    HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
    Can you update the TLS Cipher Suite to the above value via "WHM Home » Service Configuration » FTP Server Configuration" and let us know if that helps?

    Thank you.
     
  3. ehask71

    ehask71 Well-Known Member

    Joined:
    Jul 13, 2007
    Messages:
    48
    Likes Received:
    3
    Trophy Points:
    58
    Location:
    Tampa, Florida, United States
    cPanel Access Level:
    Root Administrator
    What is the default for the Protocol field I think we jacked ours up
     
  4. ehask71

    ehask71 Well-Known Member

    Joined:
    Jul 13, 2007
    Messages:
    48
    Likes Received:
    3
    Trophy Points:
    58
    Location:
    Tampa, Florida, United States
    cPanel Access Level:
    Root Administrator
    It got worse ..... before I only had Server Supports TLS 1.0 protocol

    Now I have RC4 and SWEET32


    upload_2017-12-21_10-45-24.png
     
    #4 ehask71, Dec 21, 2017
    Last edited by a moderator: Dec 21, 2017
  5. ehask71

    ehask71 Well-Known Member

    Joined:
    Jul 13, 2007
    Messages:
    48
    Likes Received:
    3
    Trophy Points:
    58
    Location:
    Tampa, Florida, United States
    cPanel Access Level:
    Root Administrator
    This is the ciphers for ProFtp on 68.0.21 that passed

    AES128+EECDH:AES128+EDH:!SSLv2:!SSLv3:!3DES
     
    cPanelMichael likes this.
Loading...

Share This Page