
PCI Scan Failure - SPX TLS 1.0

We're failing our PCI scan after enabling and allowing the port for SPX email encryption.


Details: A service supporting outdated versions of TLS or SSL was detected. TLS 1.0 and SSLv3 are affected by known flaws which could allow man-in-the-middle attacks, such as BEAST and POODLE.

Information From Target:
Service: [port number]:TCP
Server accepted TLS 1.0 handshake with TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA cipher


How do we disable these weak ciphers for SPX?

SG 330 9.311-3


Thanks!
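To see why a report like the one above fails, here is an added example (not Sophos or UTM code) that parses scanner lines of the form "Server accepted ... handshake with ... cipher" and lists the reasons each negotiated protocol/cipher pair would be flagged. The weakness categories are my own assumptions for illustration; they go beyond the post's finding by also flagging 3DES at any protocol version (Sweet32), which many scanners report separately.

```python
import re

# Added example, not Sophos/UTM code. The weakness rules are assumptions for
# illustration (categories PCI ASV scans commonly flag, plus 3DES/Sweet32).
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0"}
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z0-9_]+?)_WITH_(?P<enc>[A-Z0-9_]+?)_(?P<mac>SHA256|SHA384|SHA|MD5)$")
FINDING_RE = re.compile(
    r"Server accepted (?P<proto>SSLv[23]|TLS 1\.[0-3]) handshake with (?P<suite>TLS_\w+) cipher")

def suite_issues(protocol, name):
    """Reasons a negotiated (protocol, suite) pair fails; [] means acceptable."""
    m = SUITE_RE.match(name)  # TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA -> DHE_RSA / 3DES_EDE_CBC / SHA
    if not m:
        raise ValueError("unrecognised cipher suite: " + name)
    kx, enc, mac = m.group("kx", "enc", "mac")
    issues = []
    if protocol in WEAK_PROTOCOLS:
        issues.append("outdated protocol " + protocol)
    if protocol == "SSLv3" and "CBC" in enc:
        issues.append("POODLE (SSLv3 CBC padding oracle)")
    if protocol == "TLSv1.0" and "CBC" in enc:
        issues.append("BEAST (TLS 1.0 CBC)")
    if "3DES" in enc:
        issues.append("3DES 64-bit block cipher (Sweet32)")
    if "RC4" in enc or enc.startswith("NULL") or "EXPORT" in kx or mac == "MD5":
        issues.append("broken cipher or MAC: " + enc + "/" + mac)
    return issues

def parse_finding(line):
    """One scanner line -> (protocol, suite), or None if not a handshake line."""
    m = FINDING_RE.search(line)
    if not m:
        return None
    return m.group("proto").replace("TLS 1.", "TLSv1."), m.group("suite")

def evaluate_report(lines):
    # Map every failing handshake in a scan report to the reasons it fails.
    report = {}
    for pair in filter(None, map(parse_finding, lines)):
        issues = suite_issues(*pair)
        if issues:
            report[" ".join(pair)] = issues
    return report

# Constructed sample: line 1 is the post's finding, lines 2 and 3 are made up.
SAMPLE = [
    "Server accepted TLS 1.0 handshake with TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA cipher",
    "Server accepted TLS 1.2 handshake with TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA cipher",
    "Server accepted TLS 1.2 handshake with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher",
]
```

Feeding it the handshake lines from your own scan (or from a sweep of the SPX port with a TLS scanner) shows whether a failure is down to the protocol version, the cipher, or both, before you pay for a rescan.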



Guys, my guess is that most of the people that run PCI scans really know very little. They're clerks that simply keep track of whether their client has gotten assurance from his supplier that CVE-x-y has been mitigated when their imperfect scanning flags a potential vulnerability. I'd have to agree that if the latest scan was done by the same company that's been doing them before, it's time to find a better PCI scanner. That's my $0.02 worth. ;-)

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005
MediaSoft, Inc. USA