Is the PCI scan on your webmin revealing weak SSL ciphers?

Published by Jonathan Adjei on

webmin

Mine was, but the fix was pretty straight forward.

  1. In Webmin go to Webmin -> Webmin Configuration -> SSL Encryption
  2. Enter the following into the Allowed SSL Ciphers field
    ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM

    I grabbed this string from the hardened Apache SSL config provided by the excellent Atomic Secured Linux.
  3. Restart webmin and you should be good to go.

    4. You can test you were successful by following the instructions in the blog post referenced below.

References:
Disable SSLv2 in Webmin | Noodles’ Blog.

Addendum:

After a bit more use/testing of these changes, it turns out this interfered with Eclipse/Trac/Mylyn when connecting to this server/repo.

I’ve just figured out to get this 100% happy, I needed to force the SSL version to 3 rather than 2 to make them happy… and of course PCI compliance tests still pass.

SSL weak cipher fixes

Categories: LAMP
Tags:

Jonathan Adjei

Jon's expertise in web development is legendary and he oversees all technical aspects of our projects from development to hosting (all through the command line!) Jon is excited by the latest techniques and keeps the company on track by finding ways to adopt new practices into our workflow.

Related Posts

Distilling billing
LAMP

Distilling billing

I’ve been working on a jbilling install whenever I’ve had a moment over the past few nights. From what I’ve seen, this is a very promising piece of open source work that is remarkably simple Read more…

Magento optimisations
LAMP

Magento optimisations

Things to tweak on your Magento installations gleaned from the Magento forums. Magento ver. 1.0.19870.4 Install APC # pecl install apc edit php.ini to use apc extension extension=apc.so Switch mysql query caching on in my.cnf Read more…

A Pound for free
LAMP

A Pound for free

I’ve setup a more resilient web service for a good client of mine.. http://www.practicalaction.org/ By using 2 servers and ‘pound’ they now have some load balancing but most importantly some resilience.. so if one server Read more…