PCI Compliance - Beast Attack - Updated Information?
Hello all,
We recently had cPanel support change some settings due to browser issues and unfortunately we are now failing our PCI Compliance :(
The issue was that we had TLS 1.0 disabled to mitigate PCI scan risks, so enabling it corrected the issue for browser compatibility but now we are open to the Beast Attack exploit.
I have read a huge amount on a number of forums, including this one, and in all honesty it's either outdated or contradictory.
Does anyone have some information to mitigate this exploit within WHM/cPanel?
Our setup is:
WHM 11.46
CentOS 6.6
All updated.
ANY help would be greatly appreciated!
Forgot to add - Apache 2.4
I searched the forums for you and found this thread that may be of some use: Mitigating the BEAST attack - cPanel Forums
Thanks for the reply. Yes, found that thread. However, as mentioned in my post, most I found were outdated. The link referenced in the above forum post is dated back to 2012. Since then there have been a number of PCI changes and also the update of Apache etc. along with a change to recommended ciphers. The link just confuses things.
> I have read a huge amount on a number of forums, including this one, and in all honesty it's either outdated or contradictory.
Could you let us know what you currently have configured for your Apache "SSL Cipher Suite"? Thank you.