PCI compliance - disable SSLv2

bangsters

Well-Known Member
#1
Hi. Our InterWorx box runs on CloudLinux and LiteSpeed. We need to disable SSLv2 for PCI compliance.

How can we accomplish this? Is this on the LiteSpeed side where we need to disable it?

Please advise.

Thanks
 

bangsters

Well-Known Member
#2
We edited the ssl.conf files and changed some settings. If we try to do a test, this is what we get:


[root@server ~]# openssl s_client -ssl2 -connect 1xx.xxx.121.xxx:443
CONNECTED(00000003)
140621945898824:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:430:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 422 bytes and written 45 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1361311678
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
[root@node1 ~]#


Doesn't this mean that SSLv2 is being rejected? If so, then the server should have passed PCI scanning regarding SSLv2.

Any idea? Am I missing a step?
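
As an added example (not part of the original posts), this shell function reads captured `openssl s_client` output like the test above and reports whether the offered protocol was actually negotiated. It keys on the `New, ..., Cipher is ...` line rather than the `Protocol` field, which in the output above still reads SSLv2 even though the handshake failed; the function name and the two constructed samples are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): classify captured `openssl s_client` output.
# Prints one of: accepted | rejected | inconclusive

classify_s_client() {
    out=$(cat)

    # No TCP connection means the test says nothing about protocol support.
    if ! printf '%s\n' "$out" | grep -q '^CONNECTED('; then
        echo inconclusive
        return 0
    fi

    # s_client reports the negotiated cipher on the "New, ..., Cipher is ..." line.
    cipher=$(printf '%s\n' "$out" | sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)

    case "$cipher" in
        "")       echo inconclusive ;;  # output truncated or in an unexpected format
        "(NONE)") echo rejected ;;      # handshake never completed
        *)        echo accepted ;;      # a cipher was agreed, so the protocol is enabled
    esac
}

# Excerpt of the output posted above (failed SSLv2 handshake).
REJECTED_SAMPLE='CONNECTED(00000003)
140621945898824:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:430:
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
SSL-Session:
Protocol : SSLv2
Cipher : 0000
Verify return code: 0 (ok)'

# Constructed sample: what a server that still accepts SSLv2 would report.
ACCEPTED_SAMPLE='CONNECTED(00000003)
---
New, SSLv2, Cipher is DES-CBC3-MD5
SSL-Session:
Protocol : SSLv2
Cipher : DES-CBC3-MD5'

# Constructed sample: TCP connect failed, so nothing was tested.
NOCONN_SAMPLE='connect: Connection refused
connect:errno=111'

for name in REJECTED ACCEPTED NOCONN; do
    eval "sample=\$${name}_SAMPLE"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$sample" | classify_s_client)"
done
```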
 