PCI Fails - Sweet32 on Ports 2083/2087

Comments

  • cPWilliamL
    Hi eglwolf,

    It looks like you've already found one of the threads that concerns this issue: SOLVED - PCI Scan Fails On Web Services Ports

    Have you tried updating the cipher suite at WHM > Service Configuration > cPanel Web Services Configuration to one provided in the thread?: SOLVED - PCI Scan Fails On Web Services Ports

    Could you also confirm your current cPanel version and OS release? My test box shows this CVE patched in the openssl package:

    # rpm -q openssl --changelog|grep -A1 2016-2183
    - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength

    We also have an internal case (CPANEL-11108) concerning disabling these ciphers by default, which was implemented in cPanel 66.

    Thanks,
  • eglwolf
    I made this change and it worked. I believe the recent cPanel update reset these settings that we previously had, which caused it to fail.

    cPanel Web Services Configuration
    TLS/SSL Cipher List
    ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!DES:!3DES:!RC4:!MD5:!RC4-SHA:!RC4-MD5

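Because an update can reset the cipher list, as reported above, it helps to re-audit the configured string after each upgrade. The following is an added example, not code from the thread or from cPanel: it expands a cipher string with the OpenSSL build linked into Python and lists any enabled suite that uses a 64-bit block cipher (the Sweet32 condition) or RC4. The function names and marker list are assumptions, and the expansion reflects the local OpenSSL build, not necessarily the server's.

```python
import ssl

# Cipher list posted in the thread for cPanel Web Services Configuration.
THREAD_CIPHERS = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
    "!DES:!3DES:!RC4:!MD5:!RC4-SHA:!RC4-MD5"
)

# Assumed marker list: OpenSSL suite-name fragments for 64-bit block
# ciphers (DES, 3DES as DES-CBC3, IDEA, RC2) plus RC4, which the
# CVE-2016-2183 changelog entry groups with them.
WEAK_MARKERS = ("DES", "IDEA", "RC2", "RC4")


def is_flagged(suite_name):
    """True if the OpenSSL suite name denotes a 64-bit block cipher or RC4."""
    upper = suite_name.upper()
    return any(marker in upper for marker in WEAK_MARKERS)


def audit(cipher_string):
    """Expand cipher_string with the local OpenSSL; return (enabled, flagged).

    Raises ssl.SSLError if the local build supports nothing in the string.
    TLS 1.3 suites are always listed by OpenSSL and are not affected.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    enabled = [c["name"] for c in ctx.get_ciphers()]
    return enabled, [name for name in enabled if is_flagged(name)]


if __name__ == "__main__":
    enabled, flagged = audit(THREAD_CIPHERS)
    print(f"thread list: {len(enabled)} suites enabled, flagged: {flagged}")
    # Comparison against a permissive string; builds compiled without weak
    # ciphers will report nothing here, or reject the string entirely.
    try:
        _, weak = audit("ALL:@SECLEVEL=0")
        print(f"ALL:@SECLEVEL=0 flagged: {weak}")
    except ssl.SSLError as exc:
        print(f"permissive string rejected by this build: {exc}")
```
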