PCI Complience SSLv3 for Plesk Control Panel

[prussell]

I recently upgraded from the Plesk 8.1 version on Windows to 9.5. Version 8.1 was running in IIS. The new version of Plesk is running from Apache. I am trying to pass PCI Scan and the last problem I have is a SSLv2 vulnerability. I have already made the adjustments for IIS in the registry, but not for tcp/8443 which is running from apache.

How do I configure Apache to only use SSLv3.

Thanks
Patrick

 

[IgorG]

Did you read this Guide? http://download1.parallels.com/Plesk/PPP9/Doc/en-US/plesk-9.5-pci-compliance-guide/

 

[prussell]

Hi IgorG

Yes, I have read and made the modifications for a Windows Server according to the guide. The problem is that Plesk Panel is now using Apache instead of IIS. Even though I have disabled PCT1 and SSLv2 per the Windows section of the guide, the Plesk Panel & Apache is still using SSLv2. The guide does not cover PCI Complience for Apache on Windows.

I can't run the resolver described in the Linix/FreeBSD section of the guide. Is there a way to do it manually?

Thanks
Patrick

 

[IgorG]

What about switching from Apache to IIS? http://kb.odin.com/en/2151

 

[prussell]

Yes that would be an option.

Thanks Igor

Regards
Patrick