Enabled all pci compliance options, still failing CVE-2004-0230: SSL/TLS Protocol x 3

andyb-uk

New Pleskian
Enabled all pci compliance options, still failing CVE-2011-3389: SSL/TLS Protocol x 3

Hi.

I have the latest Plesk 9.5.x updates.

I have enabled the pci-compliance options

/usr/local/psa/admin/bin/pci_compliance_resolver --enable all

and followed the Plesk guide

Securing Servers in Compliance with PCI Data Security Standard - http://download1.parallels.com/Plesk/Panel9.5/Doc/en-US/plesk-9.5-pci-compliance-guide

It passes everything now except 3 failures - they are all related to SSL/TLS...

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability - imap (143/tcp) - CVE-2011-3389

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability - pop3 (110/tcp) - CVE-2011-3389

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability - https (443/tcp) - CVE-2011-3389

It seems related to SSL; I have disabled weak ciphers as outlined in the guide.

How can I get this to pass?

Any help is welcomed


Ignore this thread - I put the wrong CVE number in the subject line, so I created another. I want to delete this but don't know how to.
 