top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

SSL vulnerabilities on CentOS System

0 votes
541 views

Following 2 vulnerabilities were detected in VA scan required for PCI compliance:

  1. SSL Weak Cipher Suites Supported
  2. SSL Medium Strength Cipher Suites Supported

I'm using CentOS 5.8 with open ssl version "openssl-0.9.8e-22.el5_8.4". Any idea how to get rid of this?

posted Jul 31, 2013 by Jagan Mishra

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

3 Answers

0 votes

Are you using SSL /https?
If so, edit the SSL settings to remove the offending ciphers. Where else are you using SSL - check configs for ciphers supported.

answer Jul 31, 2013 by Amit Parthsarthi
0 votes
answer Jul 31, 2013 by Majula Joshi
0 votes

You have far more security issues with your system than just providing weak SSL ciphers, because you are not up to date. The current CentOS 5 minor release is 9 with a fair amount of additional bug and security
updates. Update ASAP (`yum update').

answer Jul 31, 2013 by Amit Parthsarthi
Similar Questions
+3 votes

Has anyone gotten this working? I have it compiling no problem, but removing OpenSSL is another story of course. It seems to be compiled with FIPS support and of course there is no such thing in LibreSSL - that is something they tore out

0 votes

We need to migrate to new address. Some time we need to listen on 2 domains. Is there any way to have two certs for the same service depending on the address?

Currently my SSL config is this:

SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
SSLVerifyClient="none"
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
useServerCipherSuitesOrder="true"
SSLCertificateFile="d:/apache-tomcat8/conf/cert/n/cert.cert"
SSLCertificateKeyFile="d:/apache-tomcat8/conf/cert/n/key.key"
SSLCACertificateFile="d:/apache-tomcat8/conf/cert/n/cacerts.pem"
SSLPassword="XXXX"
unpackWARs="true" autoDeploy="true"
directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b"

Thank you for any help

+2 votes

Does anyone knows how-to disable SSL v3 in older tomcat version, I have tried to variety solution including sslProtocols or sslEnabledProtocols but it both did not work well, the Firefox I am using to test is only select TLS 1 and result is that I were not able to access the site.

Below is the server information:

Server version: Apache Tomcat/6.0.18
Server built: Jul 22 2008 02:00:36
Server number: 6.0.18.0
OS Name: Windows 2003
OS Version: 5.2
Architecture: x86
JVM Version: 1.6.0-b105
JVM Vendor: Sun Microsystems Inc

+1 vote

I'm using apache 2.2 as front end and apache tomcat 6.0.37 as backend. I'm using mod_jk for connecting them.

The problem is. I'm using ssl certificates and configured ssl on apache. when I connect the site with https it works but when I click on an link it no more secure i.e. its not secure browsing anymore.

My requirement is as follows.

If user connects as https all the links should work as https. If the user connects as http all the links should work as http is such thing is possible?

+1 vote

Has any one used resizefs module with cloud-init on centos/redhat before? How to call it with #cloud-config user data, do I need to give it any parameters? I googled cloud-init, but it is pretty difficult to find a manual/book on this, and mostly they are Ubuntu based.

If possible, I'd like to use a same image/AMI to boot up instances(VMs) with different disk size setup, and let cloud-init to take care of increasing partition size, and file system re-sizing. Is it possible for centos/redhat?

...