1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Remove ciphers from Courier-imap

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by LloydD, Oct 12, 2010.

  1. LloydD

    LloydD Basic Pleskian

    19
    60%
    Joined:
    Jul 18, 2010
    Messages:
    92
    Likes Received:
    0
    Location:
    Suffolk, UK
    Hi there,
    I have tried the pci_compliance resolver, and several other directions to remove weak ciphers

    http://www.md3v.com/pci-compliance-for-parallels-plesk

    amongst others but I am still failing on...

    I hope someone can help, I'm really new to linux.
    I'm using Ubuntu 8.04 with Plesk 9.5.2
    Thanks in advance for your help
    Kind regards

    Lloyd
     
  2. CatalinS

    CatalinS Basic Pleskian

    20
    40%
    Joined:
    Jan 21, 2010
    Messages:
    33
    Likes Received:
    0
    Hello,

    Try using the following ciphers :

    !EXPORT40:!EXPORT56:!LOW:!ADH:!NULL:!AECDH-AES256-SHA: !AECDH-AES128-SHA:!AECDH-DES-CBC3-SHA:!AECDH-RC4-SHA: !RC2-CBC-MD5:SSLv3:-SSLv2:TLSv1

    It will use 128bits or higher.

    $ openssl ciphers -v '!EXPORT40:!EXPORT56:!LOW:!ADH:!NULL:!AECDH-AES256-SHA: !AECDH-AES128-SHA:!AECDH-DES-CBC3-SHA:!AECDH-RC4-SHA: !RC2-CBC-MD5:SSLv3:-SSLv2:TLSv1'
    DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
    DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
    AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
    DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
    DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
    AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
    KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5
    KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5
    KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
    KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
    EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
    EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
    DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
    RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
    RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5


    Also, have you took every step described at http://download1.parallels.com/Plesk/Panel9.5/Doc/en-US/plesk-9.5-pci-compliance-guide/ ?

    Collapse Securing Servers in Compliance with PCI Data Security Standard
    Securing Linux and FreeBSD-Based Servers
    Securing Microsoft Windows-Based Servers
     
  3. LloydD

    LloydD Basic Pleskian

    19
    60%
    Joined:
    Jul 18, 2010
    Messages:
    92
    Likes Received:
    0
    Location:
    Suffolk, UK
    Nice one that did the trick :D
    Thanks for your help - much appreciated!
     
Loading...