VERY to OLD default but also strict and PCI complaince for SSL configuration in WEBMIN doesn't make sense. read

1 post / 0 new
#1 Wed, 09/04/2019 - 03:50
Jfro

VERY to OLD default but also strict and PCI complaince for SSL configuration in WEBMIN doesn't make sense. read

If some try to get better and no weak results by setting the SSL config in WEBMIN GUI that doesn't succeed while to old. (for port 10000, 2000 and so more)

PCI compliance hmm , but also weak RsaKeyX and SHA1 stays

And sets stil in MINISERV.conf > AES256-SHA256:AES256-SHA256:RC4: so double part and RC4 wich is weak for long time now!

For newer updated specs / guidelines you can read them here .

https://english.ncsc.nl/publications/publications/2019/juni/01/it-securi...

Maybe if it is to much work for now. As workarround have some docs / help files updated how to get this manualy right in miniserv.conf?

https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurat...