Hello,
I received the below message today:
>Security test for PCI compliance is failing because of weak ciphers on the
>proxy server. Cipher " DES-CBC-SHA", description "Key Exchange: RSA;
>Authentication: RSA; Encryption: DES(56); MAC: SHA1" shows up in the proxy
>server only.
In the code,
HTTPSSLContext->SslCipherList = "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH";
I then do,
SslContext->SslOptions >> sslOpt_NO_SSLv2 >> sslOpt_NO_SSLv3 >> sslOpt_NO_TLSv1;
if(!useSSLv2)
SslContext->SslOptions = TSslOptions() << sslOpt_NO_SSLv2;
if(!useSSLv3)
SslContext->SslOptions = TSslOptions() << sslOpt_NO_SSLv3;
if(!useTLSv1)
SslContext->SslOptions = TSslOptions() << sslOpt_NO_TLSv1;
I am not sure what is wrong. Any idea? What should be SslCipherList
for PCI compliance which is important?
Regards,
SZ
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
