Webmin / Bugs / #5599 Only strong PCI-compliant ciphers Fails PCI Scanners SecurityMetrics

#5599 Only strong PCI-compliant ciphers Fails PCI Scanners SecurityMetrics

Milestone: 2.010

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2022-12-14

Created: 2022-12-14

Creator: Eric

Private: No

Hi,

Latest webmin when we have only TLS 1.2 uncheckmarked rejecting all others below. No for SSL compression and Yes for Force Use of Server Defined.

We bubble "Only strong PCI-compliant ciphers " we are getting the failures from security metrics

RC4 Cipher Suite Supported (Sweet 32)
SSL Supports RC4
RCR Cipher Suite Supported (Bar Miztvah)

We would think the Bubble only Strong PCI would disable RC4 can we please get this fixed in future webmin.

Is only strong ciphers with perfect forward secrecy higher than PCI compliant?

Same goes for current usermin also same barking about RC4.

Thanks!

Eric

Discussion

Jamie Cameron - 2022-12-14

Sure, I will take RC4 out of the strong ciphers list.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: