
Remove ciphers from Courier-imap

LloydD

Hi there,
I have tried the pci_compliance resolver, and several other directions to remove weak ciphers

http://www.md3v.com/pci-compliance-for-parallels-plesk

amongst others but I am still failing on...

Security Warning found on port/service "pop3s (995/tcp)"

Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

I hope someone can help, I'm really new to Linux.
I'm using Ubuntu 8.04 with Plesk 9.5.2
Thanks in advance for your help
Kind regards

Lloyd
 
Hello,

Try using the following ciphers :

!EXPORT40:!EXPORT56:!LOW:!ADH:!NULL:!AECDH-AES256-SHA: !AECDH-AES128-SHA:!AECDH-DES-CBC3-SHA:!AECDH-RC4-SHA: !RC2-CBC-MD5:SSLv3:-SSLv2:TLSv1

It will use 128 bits or higher.

$ openssl ciphers -v '!EXPORT40:!EXPORT56:!LOW:!ADH:!NULL:!AECDH-AES256-SHA: !AECDH-AES128-SHA:!AECDH-DES-CBC3-SHA:!AECDH-RC4-SHA: !RC2-CBC-MD5:SSLv3:-SSLv2:TLSv1'
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5
KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5
KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5


Also, have you taken every step described at http://download1.parallels.com/Plesk/Panel9.5/Doc/en-US/plesk-9.5-pci-compliance-guide/?
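
An added example, not part of either post and not Plesk or Courier tooling: a POSIX shell function that reads lines in the `openssl ciphers -v` format shown in this thread (or the scanner's variant without the protocol column) and lists every suite that is export-grade, anonymous, unencrypted or below a minimum key size. The names `audit_ciphers` and `SAMPLE` are hypothetical, and the sample lines are constructed from lines quoted in the posts above.

```shell
#!/bin/sh
# Reads cipher lines on stdin; $1 is the minimum acceptable key size in bits
# (default 128). Prints "NAME: reasons" for each weak suite.
# Exit status: 0 if nothing was flagged, 1 if at least one suite was flagged.
audit_ciphers() {
    min_bits="${1:-128}"
    awk -v min="$min_bits" '
    {
        enc = ""; why = ""
        # The protocol column may be absent (scanner output), so scan all fields.
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Enc=/)         enc = substr($i, 5)
            else if ($i == "export")  why = why " export"
            else if ($i == "Au=None") why = why " anonymous"
        }
        if (enc == "") next          # protocol headers, blank lines, prompts
        bits = 0
        if (match(enc, /\([0-9]+\)/))
            bits = substr(enc, RSTART + 1, RLENGTH - 2) + 0
        if (enc == "None")   why = why " no-encryption"
        else if (bits < min) why = why " " bits "-bit"
        if (why != "") { print $1 ":" why; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample: one scanner finding and two lines of openssl output.
SAMPLE='SSLv3
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1'

# Against a candidate string (requires the openssl binary):
#   openssl ciphers -v 'CIPHER_STRING' | audit_ciphers 128
if printf '%s\n' "$SAMPLE" | audit_ciphers 128; then
    echo "no weak suites"
else
    echo "weak suites present"
fi
```

The bit count is the one OpenSSL prints in the Enc= field, so the check is only as strict as the threshold passed in.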
