really drop SSLv2
Jim Tarvid
tarvid at ls.net
Mon Aug 9 01:34:31 UTC 2010
The point is passing Credit Card compliance tests. OOB, Ubuntu doesn't do so
well. Spent the last two weeks getting through the process. I'll write it up
in some detail but the key points were:
- ciphers
- protocols
- ip separation
- NameVirtualHosts
- no default directory paths
- modsecurity
- TRACE - took rewrite rules to get rid of it
- server isolation (smtp, pop, imap, dns, ntp)
- utility isolation (phpmyadmin, phpinfo, cacti, webmin)
- secure ftp
Now I would like a script to monitor sites and home pages on a daily basis
so I can catch PHP issues.
On Thu, Aug 5, 2010 at 10:02 AM, Etienne Goyer <etienne.goyer at canonical.com>
wrote:
> On 10-08-04 06:05 PM, Kees Cook wrote:
>> Hi Jim,
>>
>> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
>>> Why not kill the weak ciphers too?
>>
>> Sure! Can you send a patch for this?
>
> I do not really see the point. Since the client and the server will
> negotiate the strongest cipher they both support, what exactly would we
> gain by removing ciphers considered weak?
>
>
> --
> Etienne Goyer
> Technical Account Manager - Canonical Ltd
> Ubuntu Certified Instructor - LPIC-3
>
> ~= Ubuntu: Linux for Human Beings =~
>
--
Rev. Jim Tarvid, PCA
Galax, Virginia
http://ls.net
http://drupal.ls.net
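
The "ciphers" and "protocols" items in the message above, as an added example that is not from the thread or from Ubuntu: a heuristic audit of Apache mod_ssl `SSLProtocol` and `SSLCipherSuite` lines. It assumes Apache httpd with 2010-era mod_ssl and OpenSSL semantics, where `all` and `ALL`/`DEFAULT` still include SSLv2, LOW and export suites; the function names and the sample configuration are constructed.

```python
import re

PROTOCOLS = {"sslv2": {"SSLv2"}, "sslv3": {"SSLv3"}, "tlsv1": {"TLSv1"},
             "all": {"SSLv2", "SSLv3", "TLSv1"}}    # assumed 2010-era meaning of "all"
ALIASES = {"EXPORT": "EXP", "NULL": "eNULL"}        # OpenSSL keyword synonyms
WEAK = {"LOW", "EXP", "eNULL", "aNULL", "SSLv2"}    # classes this audit flags

def enabled_protocols(args):
    """Evaluate SSLProtocol arguments left to right."""
    enabled = set()
    for token in args.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        names = PROTOCOLS.get(name.lower(), {name})
        if sign == "-":
            enabled = enabled - names
        else:                         # "+" adds; a bare name replaces the set so far
            enabled = enabled | names if sign == "+" else set(names)
    return enabled

def weak_cipher_classes(spec):
    """Heuristic: weak classes the string selects and never kills with '!'."""
    tokens = re.findall(r"[^:, ]+", spec)
    killed = {ALIASES.get(t[1:], t[1:]) for t in tokens if t[0] == "!"}
    selected = set()
    for t in tokens:
        if t[0] not in "!-+@":        # skip kill, delete, reorder, @STRENGTH
            parts = {ALIASES.get(p, p) for p in t.split("+")}
            selected |= parts & WEAK
            if parts & {"ALL", "DEFAULT"}:
                selected |= {"LOW", "EXP", "SSLv2"}   # assumed contents in 2010
    return selected - killed

def audit(config):
    """Return (line number, finding) pairs for the two directives."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        m = re.match(r"\s*(SSLProtocol|SSLCipherSuite)\s+(.+)", line, re.I)
        if m and m.group(1).lower() == "sslprotocol":
            if "SSLv2" in enabled_protocols(m.group(2)):
                findings.append((n, "SSLv2 enabled"))
        elif m and (weak := weak_cipher_classes(m.group(2).strip('" '))):
            findings.append((n, "weak ciphers: " + ",".join(sorted(weak))))
    return findings

SAMPLE = """SSLProtocol all
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL"""  # constructed sample, not from the thread
```

This is a keyword check, not an expansion of the cipher string; `openssl ciphers -v '<string>'` on the host lists the suites OpenSSL actually selects.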