SSL Server Supports Weak Encryption for SSLv3, TLSv1 in PCI scans results
Recently, one of my clients ran PCI Scan for his web-site which is hosted on the LAMP environment. He find the below issues in the scans result page.
1) SSL Server Supports Weak Encryption for SSLv3, TLSv1
2) SSL Server Supports CBC Ciphers for SSLv3, TLSv1
3) SSL Server Supports Weak MAC Algorithm for SSLv3, TLSv1
[Resolved]: You need to do some configuration in https.conf file. Please add below rule in your https.conf file and restart apache will fix SSL Server Supports Weak Encryption for SSLv3, TLSv1 issue.
[Resolved]: You need to disable cipher suites using CBC ciphers to fix SSL Server Supports CBC Ciphers for SSLv3, TLSv1 issue.
[Resolved]: You need to disable cipher suites using MD5 based MAC algorithms to fix SSL Server Supports Weak MAC Algorithm for SSLv3, TLSv1 issue.
configure DNS to point to a static or dynamic IP address
Now, everything is available on internet and you can grow your business using internet marketing. To grow your business, you have to develop your own web-site and apps which will be helpful in internet marketing. You need domain and web server to host your web-site. I am working as a freelance web developer because of that I have knowledge of domain and hosting. Many times my clients ask me that they have their own static IP address. can my computer become a server for my own web-site?
What is my name server if I use my pc as a server using static IP address?
How to configure DNS to point to a dynamic IP address?
You can use your IP address in place of Name servers. Nameservers are hosted service, if you know than you can install a DNS server in your computer. IIS or Apache server doesn’t have anything to do with DNS.
It is not required that you have a static IP address to act your computer as a web-server. You can create web server even your IP address is not static but dynamic. You can use ddclient services which will update the DDNS server when your IP is dynamic IP address.
Domain points to two different IP addresses after DNS change
One of my friends faces the issue where his domain name (testing .com) pointing to two different IP addresses once he changed his DNS nameserves.
He told me that his domain (testing.com) points to IP address xxx-xxx-xxx-xxx before he changed his DNS nameservers
Then he changed his domain (testing.com) DNS nameserves and the new IP address is xxx-xxx-xxx-xxx.
After some time he use ping command to check the reply and he was wondering because he got reply from Both IP addresses. When he visit web-site url from browser than facing issue in data loading. Sometimes its loads web-page and sometimes doesn’t load web-page.
If you are facing the same issue than no need to worry, this issue resolved automatically. Let me explain why these issues arise?
DNS resolvers receive lots of requests daily and because of that they DNS resolver cache requests. Your domain points to first IP address before you change the DNS which is in cache. When you change your DNS nameservers than its points to new IP address but it doesn’t clear cache immediately. Existing cache points to old IP address, this is the reason why its points to both IP addresses.
Once the cache has been cleared than its will points to new IP address only.
How the domain name and DNS nameservers work
I know many people who are not technical have lots of question about domain name and DNS name servers.
How the domains work?
How to park my domain?
What is nameservers?
What is DNS?
You are registering your domain on godaddy or any web-site which allowed you to purchase domain name. Once you purchase domain, you need to park your domain. To park domain you need to setup the DNS nameservers.
You get your DNS nameserves from your hosting provider where you host your web-site. This is the way to linkup your domain with your web-site pages.
Now, let’s see how it works when user type domain name in browser.
- Computer send request to the ISP (Internet service provider) resolver to find out the IP Address of your domain name.
- ISP (Internet service provider) resolver send request to the “.” Name server.
- Once “.” Name server receive request than response back to ISP (Internet service provider) resolver to try using the com. Nameserver.
- Now, after getting response ISP (Internet service provider) resolver send request to com. Nameserver.
- The com. Nameserver look in to glue records for your domain and send the DNS nameservers information to your ISP (Internet service provider) resolver.
- Now, ISP (Internet service provider) resolvers have the DNS nameserver for your domain, so send request for the web-page of your domain.
- ISP (Internet service provider) resolvers send web-page to your computer browser to display.
As you change your DNS nameservers record in your domain account, that domain points to the hosting server. You need to understand domain name and web hosting before you plan to start your own web-site.