Disable medium strength SSL ciphers.



keefe007
04-18-2011, 11:35 AM
I'm trying to make one of our servers PCI compliant. One of the things that needs to be done is disabling medium strength SSL ciphers.

Here's the error I get from the PCI scan:

Here are the medium strength SSL ciphers supported by the remote server :

  Medium Strength Ciphers (>= 56-bit and < 112-bit key)
    SSLv2
      DES-CBC-MD5            Kx=RSA  Au=RSA  Enc=DES(56)  Mac=MD5
    SSLv3
      EDH-RSA-DES-CBC-SHA    Kx=DH   Au=RSA  Enc=DES(56)  Mac=SHA1
      DES-CBC-SHA            Kx=RSA  Au=RSA  Enc=DES(56)  Mac=SHA1
    TLSv1
      EDH-RSA-DES-CBC-SHA    Kx=DH   Au=RSA  Enc=DES(56)  Mac=SHA1
      DES-CBC-SHA            Kx=RSA  Au=RSA  Enc=DES(56)  Mac=SHA1

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}

How can I disable all of these?

Thanks,

Keefe
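
Added example, not part of the original thread: a small parser for the scan finding quoted in the post above. It lists every cipher the scanner reported below the 112-bit threshold and builds an OpenSSL cipher-list fragment that excludes each one by name. The function names are hypothetical, and where the resulting string is applied (the cipher list of whichever service was scanned) is an assumption, since the post does not name the service.

```python
import re

# Constructed sample based on the finding in the post; fields are deliberately
# run together ("Mac=MD5SSLv3", "Kx=DHAu=RSA") as in a report pasted on one line.
SCAN_OUTPUT = (
    "Medium Strength Ciphers (>= 56-bit and < 112-bit key) "
    "SSLv2 DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES(56)Mac=MD5"
    "SSLv3 EDH-RSA-DES-CBC-SHA Kx=DHAu=RSA Enc=DES(56)Mac=SHA1 "
    "DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56)Mac=SHA1 "
    "TLSv1 EDH-RSA-DES-CBC-SHA Kx=DHAu=RSA Enc=DES(56)Mac=SHA1 "
    "DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56)Mac=SHA1"
)

PROTO = re.compile(r"(SSLv2|SSLv3|TLSv1(?:\.\d)?)")
ENTRY = re.compile(
    r"(?P<name>[A-Z0-9]+(?:-[A-Z0-9]+)+)\s*"       # OpenSSL cipher name
    r"Kx=(?P<kx>[A-Za-z0-9()]+?)\s*"               # lazy: stops before "Au="
    r"Au=(?P<au>[A-Za-z0-9]+)\s*"
    r"Enc=(?P<enc>[A-Za-z0-9]+)\((?P<bits>\d+)\)\s*"
    r"Mac=(?P<mac>MD5|SHA1|SHA256|SHA384|AEAD)"    # fixed set, so "MD5SSLv3" splits
)

def parse_finding(text):
    """Return (protocol, cipher, key_bits) tuples from the scanner text."""
    parts = PROTO.split(text)  # [preamble, proto, chunk, proto, chunk, ...]
    rows = []
    for proto, chunk in zip(parts[1::2], parts[2::2]):
        for m in ENTRY.finditer(chunk):
            rows.append((proto, m["name"], int(m["bits"])))
    return rows

def weak_ciphers(rows, min_bits=112):
    """Unique cipher names with a key shorter than min_bits, first-seen order."""
    seen = []
    for _, name, bits in rows:
        if bits < min_bits and name not in seen:
            seen.append(name)
    return seen

def exclusion_string(names):
    """OpenSSL cipher-list fragment: '!' removes a cipher permanently."""
    return ":".join("!" + n for n in names)

if __name__ == "__main__":
    rows = parse_finding(SCAN_OUTPUT)
    print(exclusion_string(weak_ciphers(rows)))
```

The SSLv2 row also shows that the protocol itself is still enabled, which is a separate setting from the cipher list.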

nobaloney
04-18-2011, 06:30 PM
Posts 31 and 32 of this thread (http://www.directadmin.com/forum/showthread.php?p=201756#post201756) may help.

Jeff

nobaloney
04-19-2011, 11:17 AM
Link above fixed; best to look at posts 31-34 of this thread (http://www.directadmin.com/forum/showthread.php?p=201756#post201756).

Jeff