PCI compliance - disable SSLv2

Discussion in 'Install/Configuration' started by bangsters, Feb 19, 2013.

  1. bangsters

    bangsters New Member

    Hi. Our InterWorx box runs on CloudLinux and LiteSpeed. We need to disable SSLv2 for PCI compliance.

    How can we accomplish this? Is this on the LiteSpeed side where we need to disable it?

    Please advise.

    Thanks
  2. bangsters

    bangsters New Member

    We edited the ssl.conf files and changed some settings. If we try to do a test, this is what we get:


    [root@server ~]# openssl s_client -ssl2 -connect 1xx.xxx.121.xxx:443
    CONNECTED(00000003)
    140621945898824:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:430:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 422 bytes and written 45 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : SSLv2
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1361311678
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
    ---
    [root@node1 ~]#


    Doesn't this mean that SSLv2 is being rejected? If so, then the server should have passed PCI scanning regarding SSLv2.

    Any idea? Am I missing a step?
  3. webizen

    webizen New Member

    This indicates SSL2 is disabled.
  4. bangsters

    bangsters New Member

    Yes, that's what I thought too. But then the PCI report came out with 3 failures, all related to SSLv2...

    I'm having it run again.

    Thanks webizen for all your help :)
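
How to read the `openssl s_client -ssl2` transcript discussed in this thread, as an added example that is not part of the original posts: the classifier keys on the negotiated cipher rather than on the `Protocol : SSLv2` line, which is printed even when the handshake fails. The function names and the "accepted" transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an `openssl s_client -ssl2` transcript read on stdin.
# Prints one of: rejected | accepted | inconclusive
sslv2_verdict() {
    out=$(cat)
    # No CONNECTED line: the TCP connect never happened (or the client lacks
    # SSLv2 support), so the server was not actually tested.
    printf '%s\n' "$out" | grep -q '^ *CONNECTED(' || { echo inconclusive; return 0; }
    # "Protocol : SSLv2" only echoes what the client offered; it is printed
    # even when the handshake fails. The negotiated cipher is the real signal.
    cipher=$(printf '%s\n' "$out" | sed -n 's/^ *New, .*Cipher is \(.*\)$/\1/p' | head -n 1)
    proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *\(.*\)$/\1/p' | head -n 1)
    if [ "$cipher" = "(NONE)" ]; then
        echo rejected
    elif [ -n "$cipher" ] && [ "$proto" = "SSLv2" ]; then
        echo accepted
    else
        echo inconclusive
    fi
}

# Probe one listener with the command from the thread and classify the result.
check_sslv2() {  # usage: check_sslv2 HOST PORT
    printf '%s:%s ' "$1" "$2"
    openssl s_client -ssl2 -connect "$1:$2" </dev/null 2>&1 | sslv2_verdict
}

# Abridged from the transcript posted in the thread.
sample_rejected() { cat <<'EOF'
CONNECTED(00000003)
140621945898824:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:430:
no peer certificate available
New, (NONE), Cipher is (NONE)
    Protocol : SSLv2
    Cipher : 0000
    Verify return code: 0 (ok)
EOF
}

# Constructed sample: what a server that still negotiates SSLv2 would return.
sample_accepted() { cat <<'EOF'
CONNECTED(00000003)
New, SSLv2, Cipher is DES-CBC3-MD5
    Protocol : SSLv2
    Cipher : DES-CBC3-MD5
EOF
}

sample_rejected | sslv2_verdict   # -> rejected
sample_accepted | sslv2_verdict   # -> accepted
```

Run `check_sslv2 HOST PORT` for each host and port named in the scan report; an `inconclusive` result means the probe itself did not take place and says nothing about the server.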
