
SSL server accepts weak ciphers on port 12443

japjits

Guest
I am using CentOS with Plesk ver 10.3.1

I am trying to fix this but am unable to find any document or help for that

Apache with SNI support
Protocol: TCP
Port: 12443
Program: N/A
Score: 4.0
Summary:
Title: SSL server accepts weak ciphers
Impact: A remote attacker with the ability to sniff network traffic could decrypt an encrypted session.
Resolution: For Apache mod_ssl web servers, use the [http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite] SSLCipherSuite directive in the configuration file to specify strong ciphers only and disable SSLv2. For Microsoft IIS web servers, disable SSLv2 and any weak ciphers as described in Microsoft knowledge base articles [http://support.microsoft.com/kb/187498] 187498 and [http://support.microsoft.com/kb/245030] 245030. For other types of web servers, consult the web server documentation.
Risk Factor: Medium/ CVSS2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:p/I:N/A:N)
 
Why do you not use the latest version of Plesk? There were a lot of security improvements.
 
weak ciphers on port 12443

I am on the latest version of Plesk 11 and I am getting this fail on PCI scans. I have done all the PCI compliance updates Plesk recommends and hardened the server top to bottom. It passes all tests EXCEPT it says port 12443 accepts weak ciphers. This port appears to be where the panel is listening.

I have modified the /usr/local/psa/admin/conf/cipher.lst file per Plesk 11 instructions and it still fails. If I try to use only ciphers that I use in the SSL conf file to mitigate BEAST and CRIME attacks, it locks up sw server. Anybody know how to get high ciphers only on port 12443?

This is preventing me from passing PCI compliance and I just can't seem to find an answer other than to dump Plesk.
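
Before a cipher string goes into a cipher configuration, the suites it expands to can be listed with `openssl ciphers -v '<string>'` and checked mechanically for the kind of entries a scanner reports as weak. The script below is an added example, not part of the original thread or of Plesk's tooling; the weakness policy (SSLv2, anonymous, null, export, under 128 bits) and the sample lines are assumptions constructed here.

```python
import re
import sys

# Constructed sample of `openssl ciphers -v` output (not from the thread).
SAMPLE = """\
AES256-SHA        SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA      SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
ADH-AES128-SHA    SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
DES-CBC-SHA       SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5       SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
NULL-SHA          SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
DES-CBC-MD5       SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
"""

MIN_BITS = 128  # assumed policy threshold; the thread does not state one


def weak_reasons(line):
    """Return (suite_name, reasons) for one line of `openssl ciphers -v`."""
    fields = line.split()
    name, proto = fields[0], fields[1]
    attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    reasons = []
    if proto == "SSLv2":
        reasons.append("SSLv2 suite")
    if attrs.get("Au") == "None":
        reasons.append("anonymous (no authentication)")
    enc = attrs.get("Enc", "")
    bits = re.fullmatch(r"[^()]+\((\d+)\)", enc)  # e.g. AES(256) -> 256
    if enc == "None":
        reasons.append("no encryption")
    elif bits and int(bits.group(1)) < MIN_BITS:
        reasons.append(f"{bits.group(1)}-bit key")
    if "export" in fields[2:]:
        reasons.append("export grade")
    return name, reasons


def audit(text):
    """Map each weak suite in the listing to the reasons it was flagged."""
    results = (weak_reasons(l) for l in text.splitlines() if len(l.split()) >= 2)
    return {name: reasons for name, reasons in results if reasons}


if __name__ == "__main__":
    # Pipe a real listing in on stdin; with a terminal, use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, reasons in audit(text).items():
        print(f"{name}: {', '.join(reasons)}")
```

An empty result means the string expands to no suite that this assumed policy treats as weak; it says nothing about whether the service on the port actually loaded that string, which still has to be confirmed with a rescan.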
 