View previous topic :: View next topic |
Author |
Message |
reefbum -
Joined: 25 May 2007 Posts: 9 Location: FL
|
Posted: Thu May 07, 2009 2:52 am Post subject: SSL 2.0 - 3.0 / TLS 1.0 |
|
|
I am running Abyss X2 to host a domain where I have a shopping cart. I was informed by my merchant bank that I needed to hire a company to do a security scan on the system for PCI compliance.
After the scan was performed the security company said the scan failed due to the following reasons and that I needed to fix the items and and have them rescan.
Synopsis: The remote service encrypts traffic using a protocol with known weaknesses. Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead
Synopsis: The remote service supports the use of weak SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. See also : http://www.openssl.org/docs/apps/ciphers .html
Solution: Reconfigure the affected application if possible to avoid use of weak ciphers.
Can anyone help with these items by letting me know what needs to be done to correct the issues so I can clear this up and pass my PCI scan with my bank before they close my merchant account? |
|
Back to top |
|
|
Angelina_Apr -
Joined: 09 Dec 2009 Posts: 3 Location: Mexico
|
Posted: Mon Dec 28, 2009 12:40 pm Post subject: SSL 2 0 3 0 / TLS 1 0 |
|
|
Im using the new April 9 Win32 build of Minotaur.
Ive got POP3 working over an SSL connection to port 995, but I cant seem to get SMTP working on an SSL connection to port 465. Both are use SSL always connections.
Has anybody else succeeded where Ive failed? Thanks. _________________ hey guys, who has the balls? :) |
|
Back to top |
|
|
|