SSL 2.0 - 3.0 / TLS 1.0

 
reefbum
Joined: 25 May 2007
Posts: 9
Location: FL

Posted: Thu May 07, 2009 2:52 am    Post subject: SSL 2.0 - 3.0 / TLS 1.0

I am running Abyss X2 to host a domain where I have a shopping cart. I was informed by my merchant bank that I needed to hire a company to do a security scan on the system for PCI compliance.

After the scan was performed, the security company said the scan failed due to the following reasons and that I needed to fix the items and have them rescan.

Synopsis: The remote service encrypts traffic using a protocol with known weaknesses.
Description: The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.

Synopsis: The remote service supports the use of weak SSL ciphers.
Description: The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
See also: http://www.openssl.org/docs/apps/ciphers.html
Solution: Reconfigure the affected application if possible to avoid use of weak ciphers.



Can anyone help with these items by letting me know what needs to be done to correct the issues so I can clear this up and pass my PCI scan with my bank before they close my merchant account?
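The two scan findings quoted in the post above can be checked against a cipher listing before requesting a rescan. The following is an added example, not part of the original thread and not Aprelium's code: it parses lines in the column layout printed by `openssl ciphers -v` and flags SSL 2.0 suites and suites with weak or no encryption. The sample listing is constructed, and the 128-bit threshold (`min_bits`) is an assumption, not the scanner's own cut-off.

```python
import re

# Constructed sample, in the column layout printed by `openssl ciphers -v`.
SAMPLE = """\
DHE-RSA-AES256-SHA  SSLv3 Kx=DH       Au=RSA Enc=AES(256) Mac=SHA1
AES128-SHA          SSLv3 Kx=RSA      Au=RSA Enc=AES(128) Mac=SHA1
NULL-SHA            SSLv3 Kx=RSA      Au=RSA Enc=None     Mac=SHA1
EXP-RC4-MD5         SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)  Mac=MD5 export
DES-CBC-MD5         SSLv2 Kx=RSA      Au=RSA Enc=DES(56)  Mac=MD5
RC4-MD5             SSLv2 Kx=RSA      Au=RSA Enc=RC4(128) Mac=MD5
"""


def reasons(line, min_bits=128):
    """Return (name, protocol, reasons) for one listing line; no reasons = OK."""
    name, proto, *rest = line.split()
    fields = dict(tok.split("=", 1) for tok in rest if "=" in tok)
    flags = {tok for tok in rest if "=" not in tok}
    why = []
    if proto == "SSLv2":                      # first finding: SSL 2.0 accepted
        why.append("SSL 2.0 suite")
    enc = fields.get("Enc")
    bits = re.search(r"\((\d+)\)", enc or "")
    if enc is None:
        why.append("no Enc field, cannot assess")
    elif enc == "None":                       # second finding: no encryption
        why.append("no encryption")
    elif bits is None or int(bits.group(1)) < min_bits:
        why.append(f"weak encryption: {enc}")  # second finding: weak cipher
    if "export" in flags:
        why.append("export-grade")
    return name, proto, why


def audit(listing, min_bits=128):
    """Return only the suites that would trip one of the two findings."""
    findings = []
    for line in listing.splitlines():
        if len(line.split()) < 3:             # skip blank or malformed lines
            continue
        name, proto, why = reasons(line, min_bits)
        if why:
            findings.append((name, proto, why))
    return findings


if __name__ == "__main__":
    for name, proto, why in audit(SAMPLE):
        print(f"{name:<14}{proto:<7}{'; '.join(why)}")
```
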
Angelina_Apr
Joined: 09 Dec 2009
Posts: 3
Location: Mexico

Posted: Mon Dec 28, 2009 12:40 pm    Post subject: SSL 2 0 3 0 / TLS 1 0

I'm using the new April 9 Win32 build of Minotaur.

I've got POP3 working over an SSL connection to port 995, but I can't seem to get SMTP working on an SSL connection to port 465. Both are "use SSL always" connections.

Has anybody else succeeded where I've failed? Thanks.
_________________
hey guys, who has the balls? :)