BEAST Attack and SSL ciphers

Hi

I am sorry if this has been asked already, but I have 2 SSL certs installed, and both have been renewed.

BEAST Attack

The SSL on the main server is showing as BEAST attack: Not mitigated server-side (more info) SSL 3: 0x2f, TLS 1.0: 0x2f

and the second, which is on its own IP, is showing as BEAST attack: Mitigated server-side (more info) SSL 3: 0x5, TLS 1.0: 0x5

There are also variances with the cipher keys between them, for which I have attached 2 PDFs.

Please could I ask if I have set them up wrong, or missed any part which would correct the BEAST attack and also default the ciphers to a strong set, for all SSL which are set on InterWorx (so far, all SSL are assigned their own IP, not shared, and we have clients who have SSL with as well).

Many thanks in advance

John

analyze.html_d=sentmail.pdf (307 KB)

analyze.html_d=havehosts.pdf (301 KB)

Hi

I have resolved the SSL issue I had, and now we're shown as being PCI compliant.

I think I still have a little to play with to try to make it even better.

For anyone interested, please see the PDF results for the same domains.

I think it also needs to be set in InterWorx, so when a new SiteWorx account is set up with SSL, it auto-sets the ciphers.

If anyone knows the exact file I need to edit, that would be lovely, if not, if I find it, I’ll post here.

Many thanks

John

pci compliant-analyze.html_d=sentmail.pdf (305 KB)

pci compliant-analyze.html_d=havehosts.pdf (305 KB)

Hi

If anyone is interested in setting up SSL as above, I found this forum link which shows exactly how to do this.

http://forums.interworx.com/showthread.php?5116-Custom-SSL-CipherSuite

I hope this helps

Many thanks

John

Hi

I would advise any user who is using CentOS to consider updating to CentOS 6.5 (ours is 64-bit), which also updates OpenSSL to the latest version, which means it is TLS 1.2 compliant. I have just updated our systems and run a test, which shows TLS 1.2 is supported, and I cannot at the moment see any issues.

I will, hopefully during this week, alter our SSL ciphers to reflect this, but without changing any ciphers, our check score has increased due to OpenSSL being updated.

I hope this helps but please, any update to OS is at your own risk.

Many thanks

John

Erm, I think we need a noobie guide to using these event hooks lol. I can’t seem to get it working.

Need to do: http://forums.interworx.com/threads/5116-Custom-SSL-CipherSuite :)

Hi Michael

I hope you don’t mind, but I’m on 2 weeks of family holiday; when I’m back I’ll try to do one for the forum.

It’s very easy though, and the biggest mistake is not setting the correct permissions for event hooks to work, but if it is not working, check your logs for the error. The other reason sometimes it might not work is a mismatch between v4 and v5 IW CP, which has caught me out and vraney, Robert was really good at finding the reason.

Many thanks

John

A week or two ago I opened a ticket asking about this. After the Heartbleed disaster I was also keen to improve it, since my cPanel shows an A- and InterWorx shows C. I will take a look at the link you shared.

Thanks John :)