PCI compliance - disable SSLv2

Discussion in 'Install/Configuration' started by bangsters, Feb 19, 2013.

  1. bangsters

    bangsters Well-Known Member

    Hi. Our interworx box runs on cloudlinux and litespeed. We need to disable SSLv2 for PCI complaince.

    How can we accomplish this? Is this on litespeed side where we need to disable?

    Please advice.

  2. bangsters

    bangsters Well-Known Member

    We edited the ssl.conf files and changed some settings. If we try to do a test, this is what we get:

    [root@server ~]# openssl s_client -ssl2 -connect 1xx.xxx.121.xxx:443
    140621945898824:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:430:
    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 422 bytes and written 45 bytes
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    Protocol : SSLv2
    Cipher : 0000
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1361311678
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
    [root@node1 ~]#

    Doesn't this mean that SSLv2 is being rejected? If so, then the server should have passed PCI scanning regarding the SSLv2.

    Any idea? Am I missing a step?
  3. webizen

    webizen Well-Known Member

    This indicates SSL2 is disabled.
  4. bangsters

    bangsters Well-Known Member

    Yes that's what I thought so too. But then the pci report came out with 3 failures, all related to SSLv2.....

    I'm having it run again.

    Thank webizen for all your help :)

Share This Page