SSL Server Supports Weak Encryption for SSLv3, TLSv1 in PCI scans results
Recently, one of my clients ran PCI Scan for his web-site which is hosted on the LAMP environment. He find the below issues in the scans result page.
1) SSL Server Supports Weak Encryption for SSLv3, TLSv1
2) SSL Server Supports CBC Ciphers for SSLv3, TLSv1
3) SSL Server Supports Weak MAC Algorithm for SSLv3, TLSv1
[Resolved]: You need to do some configuration in https.conf file. Please add below rule in your https.conf file and restart apache will fix SSL Server Supports Weak Encryption for SSLv3, TLSv1 issue.
[Resolved]: You need to disable cipher suites using CBC ciphers to fix SSL Server Supports CBC Ciphers for SSLv3, TLSv1 issue.
[Resolved]: You need to disable cipher suites using MD5 based MAC algorithms to fix SSL Server Supports Weak MAC Algorithm for SSLv3, TLSv1 issue.
Hows your website secure when you use SSL for your website.
SSL fullform is Secure Socket Layer.
when we develop any web-site then we do the contract with the php programmer if your site in php and other developers as per we choose the scripting language for our web-site. all web-developer and software company follow some standards but if you do not define the document then security will be lack from your web-site. if there is less security in your web-site then hackers can easily hack your site, so web-security is required for your site.
SSL is used to transfer data in secure mode, secure socket layer is the protocol and when we use it in our web-site then data transmitted between server and user’s computer are encrypted. server use a valid, current and trusted secure sockets layer to transmit the data from user computer and server.
When you use ssl that does not means that your web-site is secure, ssl is one small part of the security and its use is apply any strong cipher when data is transmitted from serve to user and user to server. if you do not cover other security configuration for your web-site and ssl use weak ciphers then hacker can easily hack your web-site.