
Remove ciphers from Courier-imap

LloydD

Basic Pleskian
Hi there,
I have tried the pci_compliance resolver, and several other directions to remove weak ciphers

http://www.md3v.com/pci-compliance-for-parallels-plesk

amongst others but I am still failing on...

Security Warning found on port/service "pop3s (995/tcp)"

Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

I hope someone can help, I'm really new to Linux.
I'm using Ubuntu 8.04 with Plesk 9.5.2
Thanks in advance for your help
Kind regards

Lloyd
 
Hello,

Try using the following ciphers:

!EXPORT40:!EXPORT56:!LOW:!ADH:!NULL:!AECDH-AES256-SHA:!AECDH-AES128-SHA:!AECDH-DES-CBC3-SHA:!AECDH-RC4-SHA:!RC2-CBC-MD5:SSLv3:-SSLv2:TLSv1

It will use 128 bits or higher.

$ openssl ciphers -v '!EXPORT40:!EXPORT56:!LOW:!ADH:!NULL:!AECDH-AES256-SHA:!AECDH-AES128-SHA:!AECDH-DES-CBC3-SHA:!AECDH-RC4-SHA:!RC2-CBC-MD5:SSLv3:-SSLv2:TLSv1'
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5
KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5
KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5


Also, have you taken every step described at http://download1.parallels.com/Plesk/Panel9.5/Doc/en-US/plesk-9.5-pci-compliance-guide/ ?
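
One way to check a cipher list against the scanner's finding, as an added example that is not part of the original thread: the shell function below reads lines in the layout of the scan report or of `openssl ciphers -v` and reports every suite that is export-grade, anonymous, or below 128-bit encryption. The helper names and the 128-bit threshold are assumptions, and the sample input is constructed from lines quoted in the two posts.

```shell
#!/bin/sh
# Added example (not from the thread). audit_ciphers, sample_scan and
# sample_reply are hypothetical helper names.
MIN_BITS=128   # assumed policy, taken from the reply's "128 bits or higher"

# stdin:  NAME [PROTO] Kx=... Au=... Enc=ALG(BITS) Mac=... [export]
# stdout: "NAME reasons" for every suite that fails the policy
audit_ciphers() {
    awk -v min="$MIN_BITS" '
    NF < 5 { next }   # skip protocol headers such as "SSLv3" or "TLSv1"
    {
        reason = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "export")       reason = reason ",export"
            else if ($i == "Au=None") reason = reason ",anonymous"
            else if ($i ~ /^Enc=/) {
                bits = $i
                if (bits ~ /\(/) {
                    sub(/^[^(]*\(/, "", bits)   # drop "Enc=ALG("
                    sub(/\).*$/, "", bits)      # drop the closing ")"
                } else {
                    bits = 0                    # Enc=None: no encryption
                }
                n = bits + 0
                if (n < min) reason = reason ",enc<" min "(" n ")"
            }
        }
        if (reason != "") print $1, substr(reason, 2)
    }'
}

sample_scan() {   # constructed from the scan report in the first post
cat <<'EOF'
SSLv3
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
EOF
}

sample_reply() {  # constructed from the openssl output in the reply
cat <<'EOF'
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EOF
}

echo "scan report:";  sample_scan  | audit_ciphers
echo "reply's list:"; sample_reply | audit_ciphers
```

The check covers only key length, export and anonymous suites, which is what the scan report lists; RC4 and 3DES suites pass it even though both are deprecated today. On a live server, piping `openssl ciphers -v '<cipher string>'` into `audit_ciphers` applies the same check to the configured list.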
