Re: SSL vulnerabilities




Thank you all.

I edited the Connector node in the server.xml file for my Tomcat installation to
include the below cipher code:

ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

This should remove the "Weak Cipher Suites" compliance error for Tomcat in
the VA scan.

Had to do this as I was unable to find the ssl.conf file.

Thanks,
Anumeha




On Wed, Jul 31, 2013 at 9:18 PM, Alexander Dalloz <ad+lists@xxxxxxxxx> wrote:

> On 31.07.2013 10:52, Anumeha Prasad wrote:
> > Hi,
> >
> > Following 2 vulnerabilities were detected in VA scan required for PCI
> > compliance:
> >
> > 1. SSL Weak Cipher Suites Supported
> > 2. SSL Medium Strength Cipher Suites Supported
> >
> > I'm using CentOS 5.8 with OpenSSL version "openssl-0.9.8e-22.el5_8.4".
> > Any idea how to get rid of this?
> >
> > Thanks,
> > Anumeha
>
> You have far more security issues with your system than just providing
> weak SSL ciphers, because you are not up to date. The current CentOS 5
> minor release is 9 with a fair amount of additional bug and security
> updates.
>
> Update ASAP (`yum update').
>
> Alexander
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
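
An added example, not part of the original thread: a static check that reads the ciphers attribute of each Connector in a Tomcat server.xml and sorts the suites into buckets named after the two scan findings quoted above. The bucket boundaries, the note labels and the sample port are assumptions, not the rule set of the scanner used in the thread.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a Connector carrying the cipher list quoted in this thread.
# The port and the other attributes are placeholders, not taken from the post.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
      TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
      SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>
</Service></Server>"""

# Assumed buckets, checked in order; anything unmatched is reported as "high".
BUCKETS = [
    ("weak", re.compile(r"_NULL_|_anon_|EXPORT|_DES40_|_DES_|_RC2_|_RC4_40_")),
    ("medium", re.compile(r"_3DES_")),
]
# Extra notes that do not depend on key length (labels are assumptions).
NOTES = [("RC4", re.compile(r"_RC4_")), ("MD5 MAC", re.compile(r"_MD5$"))]


def connector_ciphers(server_xml):
    """Return {port: [suite, ...]} for every Connector that sets ciphers."""
    found = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("ciphers")
        if raw is None:
            continue  # no explicit list: the JVM defaults apply
        found[conn.get("port", "?")] = [s.strip() for s in raw.split(",") if s.strip()]
    return found


def classify(suite):
    """Return (bucket, notes) for one JSSE cipher suite name."""
    bucket = next((name for name, rx in BUCKETS if rx.search(suite)), "high")
    return bucket, [label for label, rx in NOTES if rx.search(suite)]


def audit(server_xml):
    """Return {port: {suite: (bucket, notes)}} for the whole file."""
    return {port: {s: classify(s) for s in suites}
            for port, suites in connector_ciphers(server_xml).items()}


if __name__ == "__main__":
    for port, suites in audit(SAMPLE_SERVER_XML).items():
        for suite, (bucket, notes) in suites.items():
            print(f"{port}  {bucket:<6}  {suite}  {', '.join(notes)}")
```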