<div>
Thanks ravenpl, that's what I needed.
</div>


<div>
<div class="content wysiwyg-content">
I am running a small ecommerce web site on a LAMP system with Apache2.2.9. I've recently had a PCI Compliance scan that found weak SSL Ciphers. I've added this to my Apache ssl.conf<br />
<br />
SSLProtocol -all +SSLv3 +TLSv1<br />
SSLCipherSuite SSLv3:+HIGH:+MEDIUM <br />
<br />
A subsequent PCI Scan reported weak SSL Ciphers and anonymous SSL Ciphers.<br />
<br />
What else do I need to do to get strong encryption and disallow anonymous SSL Ciphers?<br />
<br />
Thanks,<br />
Rick
</div>
</div>


I am running a small ecommerce web site on a LAMP system with Apache2.2.9. I've recently had a PCI Compliance scan that found weak SSL Ciphers. I've added this to my Apache ssl.conf

SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite SSLv3:+HIGH:+MEDIUM 

A subsequent PCI Scan reported weak SSL Ciphers and anonymous SSL Ciphers.

What else do I need to do to get strong encryption and disallow anonymous SSL Ciphers?

Thanks,
Rick

SSLCipherSuite Settings to enable Strong Encryption

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Apache Web Server

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.