Posted to dev@ofbiz.apache.org by rajesh ramkumar <ra...@yahoo.com> on 2009/08/20 18:13:27 UTC

Weak Supported SSL Ciphers Suites on https(443/tcp)

We are trying to get PCI Compliance to be able to do credit card processing.
We have resolved all the issues but for the "Weak Supported SSL Ciphers
Suites on https(443/tcp)". 

Even when I configure it to use only medium & strong or only strong ciphers in
ofbiz-container.xml (<property name="ciphers" value=""), the same error comes up,
as shown below, when the PCI scan is run. Has anyone faced this issue and
resolved it? Any help appreciated. Thanks.

Here is the list of weak SSL ciphers supported by the remote server :

  Low Strength Ciphers (< 56-bit key)

    SSLv3
      EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)    Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-DES-CBC-SHA            Kx=RSA(512)   Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export

    TLSv1
      EXP-EDH-RSA-DES-CBC-SHA    Kx=DH(512)    Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-DES-CBC-SHA            Kx=RSA(512)   Au=RSA     Enc=DES(40)      Mac=SHA1   export
      EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export

The fields above are :

  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}


-- 
View this message in context: http://www.nabble.com/Weak-Supported-SSL-Ciphers-Suites-on-https%28443-tcp%29-tp25065188p25065188.html
Sent from the OFBiz - Dev mailing list archive at Nabble.com.
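
An added example, not part of the original post: a small Python parser for scan-report rows in the field layout the post quotes ({OpenSSL ciphername}, Kx=, Au=, Enc=, Mac=, {export flag}), which can be run over each re-scan to list the export-grade or sub-56-bit suites still offered per protocol. The function names and the AES256-SHA contrast row are assumptions made for the illustration.

```python
import re

# Rows copied from the scan output in the post; AES256-SHA is a constructed
# non-export row added for contrast.
SAMPLE_REPORT = """\
Low Strength Ciphers (< 56-bit key)
SSLv3
  EXP-EDH-RSA-DES-CBC-SHA  Kx=DH(512)   Au=RSA  Enc=DES(40)   Mac=SHA1  export
  EXP-RC4-MD5              Kx=RSA(512)  Au=RSA  Enc=RC4(40)   Mac=MD5   export
TLSv1
  EXP-DES-CBC-SHA          Kx=RSA(512)  Au=RSA  Enc=DES(40)   Mac=SHA1  export
  AES256-SHA               Kx=RSA       Au=RSA  Enc=AES(256)  Mac=SHA1
"""

PROTOCOL = re.compile(r"^\s*(SSLv\d|TLSv[\d.]+)\s*$")
ROW = re.compile(
    r"^\s*(?P<name>[A-Z0-9-]+)\s+Kx=(?P<kx>\w+)(?:\((?P<kx_bits>\d+)\))?"
    r"\s+Au=(?P<au>\w+)\s+Enc=(?P<enc>\w+)(?:\((?P<enc_bits>\d+)\))?"
    r"\s+Mac=(?P<mac>[\w-]+)(?:\s+(?P<export>export))?\s*$"
)

def parse_report(text):
    """Return one dict per cipher row, tagged with the protocol heading above it."""
    protocol, rows = None, []
    for line in text.splitlines():
        if (h := PROTOCOL.match(line)):
            protocol = h.group(1)
        elif (m := ROW.match(line)):
            row = m.groupdict()
            row.update(protocol=protocol, export=row["export"] is not None,
                       enc_bits=int(row["enc_bits"]) if row["enc_bits"] else None)
            rows.append(row)
    return rows

def weak_reasons(row, min_enc_bits=56):
    """Reasons a row is low strength: export flag, or key below the threshold."""
    reasons = []
    if row["export"]:
        reasons.append("export-grade")
    if row["enc_bits"] is not None and row["enc_bits"] < min_enc_bits:
        reasons.append(f"{row['enc']} key is {row['enc_bits']} bits")
    return reasons

def weak_by_protocol(text):
    """Map each protocol to the cipher names that are still flagged as weak."""
    result = {}
    for row in parse_report(text):
        if weak_reasons(row):
            result.setdefault(row["protocol"], []).append(row["name"])
    return result
```

An empty result from `weak_by_protocol` on a fresh scan report means no export or sub-56-bit suite is still being reported for any protocol.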