PCI complience causing me greif part 2 (different issue)

Discussion in 'HOWTO-Related Questions' started by wintertong, Sep 16, 2009.

  1. wintertong

    wintertong New Member

    Hi, Can help me with this?

    Synopsis : The remote service encrypts traffic using a protocol with known weaknesses. Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients. See also : http://www.schneier.com/paper-ssl.pdf Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:p/A:N/I:N/B:N)

    How do I fix this?

    Kind regards Gareth
     

Share This Page