Vulnerabilities
Hi all,
I'm new at LQ. I recently joined a company and have been asked to manage a Linux box (RHEL 5), which is a web server (Apache2). The PCI compliance scan for this web server indicates that Weak Supported SSL Cipher Suites and SSLv2 detection on ports 443, 465, 993, 995, 8443. Another one is an unknown application on tcp port 1040. Also there are many other issues being indicated in the report. Thanks in advance for helping me to resolve the vulnerabilities. Xavier. |
Welcome to LQ. Hope you like it here.
Quote:
Quote:
SSLProtocol -all +TLSv1 +SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM For more information see http://httpd.apache.org/docs/2.0/mod...sslciphersuite Quote:
Also see 'getent services 1040' for any existing service definitions. Quote:
|
Thanks for the information Moderator.
I will try to get logs/errors/code in future posts. |
You're welcome. Just attach logging if you got any now.
|
Because you have not posted any more vulnerabilities to look at (your "Also there are many other issues being indicated in the report." line) I take it your list is either exhausted or you do not want to discuss them here. Since configuring SSL in essence is a configuration task I have moved your posts and replies to its own thread in the Linux Software forum aptly called Please help with configuring SSL in Apache2.
|
All times are GMT -5. The time now is 02:07 PM. |