Hi,
Following 2 vulnerabilities were detected in VA scan required for PCI compliance:
1. SSL Weak Cipher Suites Supported
2. SSL Medium Strength Cipher Suites Supported
I'm using CentOS 5.8 with open ssl version "openssl-0.9.8e-22.el5_8.4". Any idea how to get rid of this?
Thanks, Anumeha
On 07/31/2013 08:52 PM, Anumeha Prasad wrote:
> Hi,
> Following 2 vulnerabilities were detected in VA scan required for PCI compliance:
> - SSL Weak Cipher Suites Supported
> - SSL Medium Strength Cipher Suites Supported
> I'm using CentOS 5.8 with open ssl version "openssl-0.9.8e-22.el5_8.4". Any idea how to get rid of this?
Are you using SSL /https? If so, edit the SSL settings to remove the offending ciphers. Where else are you using SSL - check configs for ciphers supported. Edit to taste. HTH
> Thanks, Anumeha
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
http://pof.eslack.org/2011/06/07/disable-apache2-weak-medium-ciphers-pci-com...
2013/7/31 Anumeha Prasad anumeha.prasad@gmail.com
> Hi,
> Following 2 vulnerabilities were detected in VA scan required for PCI compliance:
> - SSL Weak Cipher Suites Supported
> - SSL Medium Strength Cipher Suites Supported
> I'm using CentOS 5.8 with open ssl version "openssl-0.9.8e-22.el5_8.4". Any idea how to get rid of this?
> Thanks, Anumeha
On 31.07.2013 10:52, Anumeha Prasad wrote:
> Hi,
> Following 2 vulnerabilities were detected in VA scan required for PCI compliance:
> - SSL Weak Cipher Suites Supported
> - SSL Medium Strength Cipher Suites Supported
> I'm using CentOS 5.8 with open ssl version "openssl-0.9.8e-22.el5_8.4". Any idea how to get rid of this?
> Thanks, Anumeha
You have far more security issues with your system than just providing weak SSL ciphers, because you are not up to date. The current CentOS 5 minor release is 9 with a fair amount of additional bug and security updates.
Update ASAP (`yum update').
Alexander
Thank you all.
I edited the Connector node in the server.xml file for my Tomcat installation to include the below cipher code:
ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
This should remove the "Weak Cipher Suites" compliance error for Tomcat in the VA scan.
Had to do this as I was unable to find the ssl.conf file.
Thanks, Anumeha
On Wed, Jul 31, 2013 at 9:18 PM, Alexander Dalloz ad+lists@uni-x.org wrote:
> On 31.07.2013 10:52, Anumeha Prasad wrote:
> > Hi,
> > Following 2 vulnerabilities were detected in VA scan required for PCI compliance:
> > - SSL Weak Cipher Suites Supported
> > - SSL Medium Strength Cipher Suites Supported
> > I'm using CentOS 5.8 with open ssl version "openssl-0.9.8e-22.el5_8.4". Any idea how to get rid of this?
> > Thanks, Anumeha
> You have far more security issues with your system than just providing weak SSL ciphers, because you are not up to date. The current CentOS 5 minor release is 9 with a fair amount of additional bug and security updates.
> Update ASAP (`yum update').
> Alexander
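
Added example, not part of the original thread: a small Python check that reads the ciphers attribute of each Connector in a Tomcat server.xml and sorts every JSSE suite name into buckets by the tokens in its name. The cipher list is the one posted above; the bucket rules, the port and the other Connector attributes are assumptions for illustration, not the VA scanner's own criteria.

```python
import re
import xml.etree.ElementTree as ET

# The cipher list is the one posted in the thread; the Connector's other
# attributes (port, SSLEnabled, scheme) are constructed for this sample.
THREAD_CIPHERS = (
    "SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, "
    "TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, "
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
)
SAMPLE_SERVER_XML = (
    '<Server><Service name="Catalina">'
    '<Connector port="8443" SSLEnabled="true" scheme="https" '
    'ciphers="%s"/></Service></Server>' % THREAD_CIPHERS
)

# Assumed buckets, matched on tokens in the JSSE suite name (first hit wins).
# "weak": no encryption, no authentication, export-grade or <= 56-bit keys.
# "review": RC4 (prohibited for TLS by RFC 7465), 3DES (64-bit block), MD5 MAC.
RULES = [
    ("weak", re.compile(r"_EXPORT_|_NULL_|_anon_|_DES40_|_DES_CBC_|_RC4_40_|_RC2_")),
    ("review", re.compile(r"_RC4_128_|_3DES_EDE_|_MD5$")),
]

def classify(suite):
    """Return the first matching bucket for one suite name, else 'ok'."""
    for label, pattern in RULES:
        if pattern.search(suite):
            return label
    return "ok"

def audit_connectors(server_xml):
    """Return {port: {bucket: [suites]}} for each Connector that sets ciphers."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("ciphers")
        if raw is None:  # no explicit list: the JVM defaults apply, nothing to parse
            continue
        buckets = {"weak": [], "review": [], "ok": []}
        for suite in (s.strip() for s in raw.split(",")):
            if suite:
                buckets[classify(suite)].append(suite)
        report[conn.get("port", "?")] = buckets
    return report

if __name__ == "__main__":
    for port, buckets in audit_connectors(SAMPLE_SERVER_XML).items():
        for label, suites in buckets.items():
            for suite in suites:
                print(port, label, suite)
```
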