Start a new topic

Null Ciphers keeping me from PCI Compliance

scottmacc @ Tue Jan 20 15:18:36 EET 2015
I have a list of Null Ciphers that are failing my PCI Compliance scan.

Running CrushFTP Version 7.2.0_121.
Under Preferences>Encryption>SSL, all Ciphers are off.
IP/Servers = HTTPS://lookup:443
cert is for www.sunnydayguidecloud.com

I am also getting a kick-back for RC4 cipher.

[b]How do I disable the weak ciphers?[/b][i]


PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
| TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 - weak
| TLS_KRB5_EXPORT_WITH_RC4_40_MD5 - weak
| TLS_KRB5_EXPORT_WITH_RC4_40_SHA - weak
| TLS_KRB5_WITH_DES_CBC_MD5 - weak
| TLS_KRB5_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| compressors:
|
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
| TLS_KRB5_WITH_DES_CBC_MD5 - weak
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| compressors:
|
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_DH_anon_WITH_AES_128_CBC_SHA256 - broken
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_RSA_WITH_NULL_SHA256 - broken
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
|_ least strength: broken


Thank you,
ScottMacc (aka PCI hell)
1 Comment

spinkb @ Tue Jan 20 15:46:36 EET 2015
In your prefs, encryption, SSL tab, you can put checkmarks on all the ciphers you want to disable. Then test again.

If your on CrushFTP 7.2, the upper right to the cipher list has a defaults button to reset just the ciphers.

Thanks,
Ben
Login to post a comment