[CentOS] SSL vulnerabilities

Wed Jul 31 10:48:56 UTC 2013
Rob Kampen <rkampen at kampensonline.com>

On 07/31/2013 08:52 PM, Anumeha Prasad wrote:
> Hi,
>
> Following 2 vulnerabilities were detected in VA scan required for PCI
> compliance:
>
> 1. SSL Weak Cipher Suites Supported
> 2. SSL Medium Strength Cipher Suites Supported
>
> I'm using CentOS 5.8 with open ssl version "openssl-0.9.8e-22.el5_8.4". Any
> idea how to get rid of this?
Are you using SSL /https?
If so, edit the SSL settings to remove the offending ciphers.
Where else are you using SSL - check configs for ciphers supported.
Edit to taste.
HTH
> Thanks,
> Anumeha
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos