-1

I'm receiving a request from a PCI Compliance scan that requires that says "The following weak server-to-client encryption algorithms are supported : arcfour arcfour128 arcfour256 The following weak client-to-server encryption algorithms are supported : arcfour arcfour128 arcfour256"

RC4 is disabled.

What am I doing wrong?

from ssl.conf:

#   SSL Protocol support:
SSLProtocol  -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2

#   SSL Cipher Suite:  
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
Jakuje
  • 24,773
  • 12
  • 69
  • 75
Mark Goldberg
  • 139
  • 2
  • 12
  • Stackoverflow is for help with software development. You should consider asking this on [sf], [unix.se], or [su]. – Kenster Nov 29 '16 at 02:00

1 Answers1

0

SSH is configured in /etc/ssh/sshd_config. Depending on your system, you need to add all the other algorithms to the option Ciphers in that file.

Jakuje
  • 24,773
  • 12
  • 69
  • 75