PCI Compliance, Weak SSL Ciphers, Plesk, etc

For all those struggling with the marketing stunt that is PCI compliance here are some pages I found that help to make our DV Base at Mediatemple pass the PCI test

Please check out the following links for help on this:

Weak SSL:
465 (smtps/qmail) – http://www.qmailwiki.org/index.php/Qmail-control-files#control.2Ftlsserverciphers
imap/pop – follow instructions http://www.oscommerceuniversity.com/lounge/index.php?topic=265.0

Server wide ssl2 disable and weak ciphers for all virtual domains:
create new file:
vi /etc/httpd/conf.d/zz000_psa_httpd_weak_ssl_disable.conf
press ‘i’ to insert
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:-LOW

press ‘esc’ > ‘shift+q’ > ‘wq’ > ‘enter’
/etc/init.d/httpd stop
/etc/init.d/httpd start

Also found this page very helpful: http://www.linux-advocacy.org/web-servers/making-plesk-more-pci-compliant

Question and additions welcome of course..

Leave a Reply