|
PCI compliance - disable SSLv2
Hi. Our interworx box runs on cloudlinux and litespeed. We need to disable SSLv2 for PCI complaince.
How can we accomplish this? Is this on litespeed side where we need to disable? Please advice. Thanks |
We edited the ssl.conf files and changed some settings. If we try to do a test, this is what we get:
[root@server ~]# openssl s_client -ssl2 -connect 1xx.xxx.121.xxx:443 CONNECTED(00000003) 140621945898824:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:430: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 422 bytes and written 45 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1361311678 Timeout : 300 (sec) Verify return code: 0 (ok) --- [root@node1 ~]# Doesn't this mean that SSLv2 is being rejected? If so, then the server should have passed PCI scanning regarding the SSLv2. Any idea? Am I missing a step? |
Quote:
|
Quote:
I'm having it run again. Thank webizen for all your help :) |
| All times are GMT -7. The time now is 10:16 AM. |