
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability Synopsis

Question asked by Muhammad Anzar on Sep 24, 2012
Latest reply on Sep 25, 2012 by Muhammad Anzar

I am getting the following SecurityMetrics PCI compliance finding: "SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability Synopsis", and the Risk is "Data Received: Negotiated cipher suite: AES256-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=AES(256)|Mac=SHA1"

I am using "OpenSSL 1.0.1 14 Mar 2012" and the following configuration on Apache (version 2.2.22):

SSLEngine on
SSLProtocol -SSLv2 -TLS1 +SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

It would be great if you could suggest a resolution for this issue.

Thanks

Muhammad Anzar
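
Added example, not part of the original post: the finding named above concerns CBC-mode ciphers negotiated under SSLv3 or TLS 1.0, where each record's IV is the last ciphertext block of the previous record. The Python sketch below parses a scanner "Data Received" record in the format quoted in the question and reports whether it matches that condition. The function names and the non-CBC label set are assumptions of this example, the second field is assumed to be the negotiated protocol, and every sample record other than the first is constructed.

```python
import re

# Enc= labels (OpenSSL naming) that do not use CBC mode: stream ciphers,
# AEAD modes and null encryption. Any other label is treated as a CBC cipher.
NON_CBC_ENC = {"RC4", "AESGCM", "AESCCM", "AESCCM8", "CHACHA20/POLY1305", "None"}
# Protocol versions that chain the CBC IV from the previous record;
# TLS 1.1 and later carry an explicit IV in every record.
CHAINED_IV_PROTOCOLS = {"SSLv3", "TLSv1"}


def parse_record(record):
    """Split 'NAME|PROTO|Kx=..|Au=..|Enc=..|Mac=..' into a dict."""
    fields = [f.strip() for f in record.split("|")]
    if len(fields) < 3 or not all(fields):
        raise ValueError("not a cipher record: %r" % record)
    parsed = {"name": fields[0], "protocol": fields[1]}
    for field in fields[2:]:
        key, sep, value = field.partition("=")
        if not sep:
            raise ValueError("malformed field %r in %r" % (field, record))
        parsed[key] = value
    return parsed


def enc_algorithm(enc):
    """Drop the key-size suffix: 'AES(256)' -> 'AES', 'None' -> 'None'."""
    return re.sub(r"\(\d+\)$", "", enc)


def triggers_iv_finding(record):
    """True when the record is a CBC cipher negotiated on SSLv3 or TLS 1.0."""
    parsed = parse_record(record)
    if "Enc" not in parsed:
        raise ValueError("record has no Enc= field: %r" % record)
    uses_cbc = enc_algorithm(parsed["Enc"]) not in NON_CBC_ENC
    return uses_cbc and parsed["protocol"] in CHAINED_IV_PROTOCOLS


SAMPLES = [
    "AES256-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=AES(256)|Mac=SHA1",  # from the question
    "DES-CBC3-SHA|SSLv3|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1",  # constructed
    "AES256-SHA|TLSv1.2|Kx=RSA|Au=RSA|Enc=AES(256)|Mac=SHA1",  # constructed
    "AES128-GCM-SHA256|TLSv1.2|Kx=RSA|Au=RSA|Enc=AESGCM(128)|Mac=AEAD",  # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("FLAGGED" if triggers_iv_finding(sample) else "ok     ", sample)
```
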
