Can anyone tell me what version of SSL Actinic uses?
We are with Barclays Merchant Services and they have required us to pass the Security Metrics Tests on the Actinic site even though we don't see credit card information - it all goes via Protx.
The only failure we are encountering seems to be the SSL version - error description as follows:
Protocol - TCP
Port - 443
Program - https
Risk - 4
Synopsis - The remote service encrypts traffic using a protocol with known weaknesses.
Description - The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
See also - http://www.schneier.com/paper-ssl.pdf
Solution - Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. See http://support.microsoft.com/default.aspx?scid=kb;en-us;187498 for instructions on IIS. See http://httpd.apache.org/docs/2.0/mod/mod_ssl.html for Apache.
Risk Factor - Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Thanks
Jane
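A way to re-check the finding above after the web server's configuration has been changed, as an added example (not part of the original post and not the scanner's own code): a small Python probe that sends an SSL 2.0 CLIENT-HELLO to port 443 and reports whether the server answers with an SSL 2.0 SERVER-HELLO. The function names and the host given on the command line are assumptions for illustration.

```python
import os
import socket
import struct
import sys

# SSL 2.0 cipher kinds (3 bytes each) offered by the probe.
CIPHER_SPECS = bytes.fromhex("010080" "020080" "030080" "040080"
                             "050080" "060040" "0700c0")

def build_client_hello(challenge=None):
    """Return one SSL 2.0 CLIENT-HELLO record."""
    challenge = challenge or os.urandom(16)
    # msg type 1, version 0x0002, cipher-spec length, session-id length 0,
    # challenge length, followed by the cipher specs and the challenge.
    body = struct.pack(">BHHHH", 1, 0x0002, len(CIPHER_SPECS), 0, len(challenge))
    body += CIPHER_SPECS + challenge
    # 2-byte record header: high bit set, then the 15-bit body length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_server_hello(data):
    """True if data starts with an SSL 2.0 SERVER-HELLO that offers a cipher."""
    if len(data) < 13 or not data[0] & 0x80:
        return False  # closed connection, TLS alert, or not an SSLv2 record
    (msg_type, _hit, _cert_type, version,
     _cert_len, cipher_len, _conn_len) = struct.unpack(">BBBHHHH", data[2:13])
    # A hello with an empty cipher list cannot complete a handshake,
    # so it is not counted as accepting SSL 2.0.
    return msg_type == 4 and version == 0x0002 and cipher_len > 0

def accepts_sslv2(host, port=443, timeout=5.0):
    """Connect to host:port and report whether it answers an SSL 2.0 hello."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello())
            reply = sock.recv(4096)
    except OSError:
        return False  # refused, reset or timed out: no SSL 2.0 answer
    return parse_server_hello(reply)

if __name__ == "__main__":
    target = sys.argv[1]  # your own shop's host name (assumption)
    print(target, "accepts SSL 2.0:", accepts_sslv2(target))
```

A result of `False` after the configuration change corresponds to the scanner no longer being able to open an SSL 2.0 connection.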