Archive for October, 2009
Is the PCI scan on your Webmin revealing weak SSL ciphers?
02 years ago
by Jonathan Adjei
in LAMP
Mine was, but the fix was pretty straightforward.
- In Webmin go to Webmin -> Webmin Configuration -> SSL Encryption
- Enter the following into the Allowed SSL Ciphers field
ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
I grabbed this string from the hardened Apache SSL config provided by the excellent Atomic Secured Linux.
- Restart Webmin and you should be good to go.
You can test that you were successful by following the instructions in the blog post referenced below.
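A local check to go with that test, as an added example that is not from the original post or from Webmin: it reads output in the `openssl ciphers -v` layout and lists any suite that is SSLv2, anonymous, export-grade, unencrypted or under 128 bits. The function names, the 128-bit threshold and the sample lines are assumptions made for this example; the sample is constructed, not captured from a server.

```shell
#!/usr/bin/env bash
# Added example: flag weak suites in `openssl ciphers -v` style output.
CIPHERS='ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM'   # string from the post

# Reads `openssl ciphers -v` lines on stdin; prints "NAME reason[,reason]"
# for suites that are SSLv2, anonymous, export-grade, unencrypted or <128 bit.
# (128 is this example's threshold, an assumption.)
weak_ciphers() {
  awk '{
    reasons = ""; bits = -1; enc = ""
    if ($2 == "SSLv2") reasons = reasons ",sslv2"
    for (i = 3; i <= NF; i++) {
      if ($i == "Au=None") reasons = reasons ",anonymous"
      if ($i == "export")  reasons = reasons ",export"
      if ($i ~ /^Enc=/) {
        enc = $i
        if (match(enc, /\([0-9]+\)/))
          bits = substr(enc, RSTART + 1, RLENGTH - 2) + 0
      }
    }
    if (enc == "Enc=None") reasons = reasons ",no-encryption"
    else if (bits >= 0 && bits < 128) reasons = reasons ",weak-key-" bits
    if (reasons != "") print $1, substr(reasons, 2)
  }'
}

# Constructed sample lines in the `openssl ciphers -v` layout (not captured output).
sample_output() {
  cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5 export
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
EOF
}

# Expand the post's string with the local OpenSSL build and check it.
check_local() { openssl ciphers -v "$CIPHERS" | weak_ciphers; }

sample_output | weak_ciphers
```

Run `check_local` on the server itself to see what the string expands to with that machine's OpenSSL build; an empty result means nothing matched these criteria. RC4-MD5 is not flagged because the check looks only at protocol, authentication, the export flag and key length.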
References:
Disable SSLv2 in Webmin | Noodles’ Blog.
Addendum:
After a bit more use/testing of these changes, it turns out this interfered with Eclipse/Trac/Mylyn when connecting to this server/repo.
I’ve just figured out that, to get this 100% happy, I needed to force the SSL version to 3 rather than 2 to make them happy… and of course PCI compliance tests still pass.

