Re: [CentOS] SSL vulnerabilities

Rob Kampen Wed, 31 Jul 2013 03:50:48 -0700

On 07/31/2013 08:52 PM, Anumeha Prasad wrote:

Hi,


Following 2 vulnerabilities were detected in VA scan required for PCI
compliance:

1. SSL Weak Cipher Suites Supported
2. SSL Medium Strength Cipher Suites Supported

I'm using CentOS 5.8 with open ssl version "openssl-0.9.8e-22.el5_8.4". Any
idea how to get rid of this?

Are you using SSL /https?
If so, edit the SSL settings to remove the offending ciphers.
Where else are you using SSL - check configs for ciphers supported.
Edit to taste.
HTH

Thanks,
Anumeha
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSL vulnerabilities

Reply via email to