Thank you all.

I edited the Connector node in the server.xml file for my Tomcat installation to include the below cipher code:

ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

This should remove the "Weak Cipher Suites" compliance error for Tomcat in the VA scan. I had to do this as I was unable to find the ssl.conf file.

Thanks,
Anumeha

On Wed, Jul 31, 2013 at 9:18 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote:

> On 31.07.2013 10:52, Anumeha Prasad wrote:
> > Hi,
> >
> > Following 2 vulnerabilities were detected in VA scan required for PCI
> > compliance:
> >
> > 1. SSL Weak Cipher Suites Supported
> > 2. SSL Medium Strength Cipher Suites Supported
> >
> > I'm using CentOS 5.8 with open ssl version "openssl-0.9.8e-22.el5_8.4". Any
> > idea how to get rid of this?
> >
> > Thanks,
> > Anumeha
>
> You have far more security issues with your system than just providing
> weak SSL ciphers, because you are not up to date. The current CentOS 5
> minor release is 9 with a fair amount of additional bug and security
> updates.
>
> Update ASAP (`yum update').
>
> Alexander
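
An added example, not part of the thread: a small audit that reads the ciphers attribute from a Tomcat Connector and buckets each suite by effective key length, to review a list before the next scan. The thread does not name the scanner, so the thresholds (below 64 bits weak, 64 to 112 medium) are assumptions, and the sample server.xml is constructed around the cipher list posted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: minimal Connector carrying the cipher list from the post.
# Port and the other attributes are illustrative assumptions.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
             TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
             TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
             SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>
</Service></Server>"""

# (substring of the JSSE suite name, effective key bits); first match wins.
BULK_CIPHERS = [
    ("_NULL_", 0), ("EXPORT", 40), ("RC4_40", 40), ("DES40", 40),
    ("_DES_CBC_", 56),
    ("3DES_EDE", 112),  # three-key 3DES is rated at 112 bits of security
    ("RC4_128", 128), ("AES_128", 128), ("AES_256", 256),
]

def connector_ciphers(xml_text):
    """Yield (port, [suite, ...]) for every Connector with a ciphers attribute."""
    for conn in ET.fromstring(xml_text).iter("Connector"):
        raw = conn.get("ciphers")
        if raw:
            yield conn.get("port"), [s.strip() for s in raw.split(",") if s.strip()]

def classify(suite):
    """Return (key-length bucket, notes) for one suite name."""
    bits = next((b for token, b in BULK_CIPHERS if token in suite), None)
    if bits is None:
        return "unknown", ["bulk cipher not recognised"]
    # Assumed thresholds: < 64 bits weak, 64..112 medium, above that high.
    bucket = "weak" if bits < 64 else "medium" if bits <= 112 else "high"
    # RC4 has a 128-bit key here but is flagged separately from key length.
    notes = ["RC4 is prohibited in TLS by RFC 7465"] if "RC4" in suite else []
    return bucket, notes

def audit(xml_text):
    """Map each configured suite to its (bucket, notes)."""
    return {s: classify(s)
            for _, suites in connector_ciphers(xml_text) for s in suites}

if __name__ == "__main__":
    for suite, (bucket, notes) in audit(SERVER_XML).items():
        print(f"{bucket:8} {suite} {'; '.join(notes)}")
```

The bucket reflects key length only; the notes column carries findings that key length does not capture.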