Is the PCI scan on your Webmin revealing weak SSL ciphers?
Mine was, but the fix was pretty straightforward.
- In Webmin go to Webmin -> Webmin Configuration -> SSL Encryption
- Enter the following into the Allowed SSL Ciphers field
ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
I grabbed this string from the hardened Apache SSL config provided by the excellent Atomic Secured Linux.
- Restart Webmin and you should be good to go.
You can test that you were successful by following the instructions in the blog post referenced below.
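To see what the cipher string permits on a given machine, this added example (not from the original post) expands it with the local OpenSSL through Python's `ssl` module and flags suites a scan would typically report. The flagging rules, the 128-bit threshold and the `SAMPLE` entries are constructed assumptions; note that `!ADH` excludes anonymous DH only, not anonymous ECDH (`AECDH-*`), and that `+HIGH:+MEDIUM` reorders suites without adding or removing any.

```python
import ssl

# Cipher string quoted in the post.
PAGE_CIPHER_STRING = "ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM"

# Constructed sample in the shape of SSLContext.get_ciphers() entries.
SAMPLE = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "strength_bits": 256},
    {"name": "AECDH-AES256-SHA", "protocol": "TLSv1.0", "strength_bits": 256},
    {"name": "RC4-MD5", "protocol": "SSLv3", "strength_bits": 128},
    {"name": "EXP-DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 40},
]

# Assumed policy: name tokens treated as weak. Adjust to match your scanner.
WEAK_TOKENS = ("RC4", "RC2", "DES", "NULL", "MD5")


def expand(cipher_string):
    """Return the suites the local OpenSSL selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing is selected
    return ctx.get_ciphers()


def audit(suites, min_bits=128):
    """Map suite name -> reasons a compliance scan would likely flag it."""
    findings = {}
    for suite in suites:
        tokens = suite["name"].split("-")
        reasons = []
        if tokens[0] in ("ADH", "AECDH"):
            reasons.append("anonymous key exchange")
        if tokens[0] == "EXP":
            reasons.append("export grade")
        if suite.get("protocol") == "SSLv2":
            reasons.append("SSLv2 suite")
        if suite.get("strength_bits", min_bits) < min_bits:
            reasons.append("under %d bits" % min_bits)
        weak = [t for t in tokens if t in WEAK_TOKENS]
        if weak:
            reasons.append("weak algorithm: " + ",".join(weak))
        if reasons:
            findings[suite["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(expand(PAGE_CIPHER_STRING)).items():
        print(name, "->", "; ".join(reasons))
```

The OpenSSL build behind Python may differ from the one Webmin uses, so treat the output as a local approximation and confirm against the running service.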
References:
Disable SSLv2 in Webmin | Noodles’ Blog.
Addendum:
After a bit more use/testing of these changes, it turns out this interfered with Eclipse/Trac/Mylyn when connecting to this server/repo.
I’ve just figured out that to get this 100% happy, I needed to force the SSL version to 3 rather than 2 to make them happy… and of course PCI compliance tests still pass.
This entry was posted by Jonathan Adjei on October 12, 2009 at 1:05 pm, and is filed under LAMP.



