really drop SSLv2
Paul Graydon
paul at paulgraydon.co.uk
Mon Aug 9 03:54:00 UTC 2010
That's strange. I've always been able to successfully disable Trace
and Track by adding the following line to the config file:
TraceEnable off
I think I'd be inclined to argue for that being set by default, but it
depends on whether PCI-DSS compliance is valued over RFC compliance, as
disabling it makes the Apache httpd setup non-RFC compliant (HTTP/1.1
specification, section 9.8: http://www.ietf.org/rfc/rfc2616.txt)
Paul
On 8/8/2010 3:34 PM, Jim Tarvid wrote:
> The point is passing Credit Card compliance tests. OOB, Ubuntu doesn't
> do so well. Spent the last two weeks getting through the process. I'll
> write it up in some detail but the key points were:
>
> * ciphers
> * protocols
> * ip separation
> * NameVirtualHosts
> * no default directory paths
> * modsecurity
> * TRACE - took rewrite rules to get rid of it
> * server isolation (smtp, pop, imap, dns, ntp)
> * utility isolation (phpmyadmin, phpinfo, cacti, webmin)
> * secure ftp
>
> Now I would like a script to monitor sites and home pages on a daily
> basis so I can catch PHP issues.
>
> On Thu, Aug 5, 2010 at 10:02 AM, Etienne Goyer
> <etienne.goyer at canonical.com> wrote:
> > On 10-08-04 06:05 PM, Kees Cook wrote:
> >> Hi Jim,
> >>
> >> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
> >>> Why not kill the weak ciphers too?
> >>
> >> Sure! Can you send a patch for this?
> >
> > I do not really see the point. Since the client and the server will
> > negotiate the strongest cipher they both support, what exactly would we
> > gain by removing ciphers considered weak?
> >
> >
> > --
> > Etienne Goyer
> > Technical Account Manager - Canonical Ltd
> > Ubuntu Certified Instructor - LPIC-3
> >
> > ~= Ubuntu: Linux for Human Beings =~
> >
>
>
>
> --
> Rev. Jim Tarvid, PCA
> Galax, Virginia
> http://ls.net
> http://drupal.ls.net
>
>
>
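A check for the TraceEnable setting discussed in this message, added here as an example and not part of the thread: it sends one TRACE request carrying a random header and reports whether the server echoes it back (TRACE still active) or refuses the method. `probe_trace`, `start_demo_server` and the `X-Trace-Probe` header are names made up for this example; the demo server is a constructed local stand-in for httpd, and counting 403 as "disabled" assumes a rewrite rule that forbids the method.

```python
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def probe_trace(host, port=80, use_tls=False, timeout=5.0):
    """Send one TRACE request and classify the answer.

    Returns (verdict, status): "enabled" if the server echoes our canary
    header back, "disabled" on 403/405/501, "inconclusive" otherwise.
    """
    canary = secrets.token_hex(8)  # random value, so an echo cannot be a coincidence
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Trace-Probe": canary})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
    finally:
        conn.close()
    if resp.status == 200 and canary in body:
        return "enabled", resp.status
    if resp.status in (403, 405, 501):  # 405 is what httpd sends with TraceEnable off
        return "disabled", resp.status
    return "inconclusive", resp.status


def start_demo_server(echo):
    """Constructed stand-in for httpd on 127.0.0.1 (ephemeral port)."""
    class Handler(BaseHTTPRequestHandler):
        def do_TRACE(self):
            # echo=True mimics TRACE enabled; echo=False mimics "TraceEnable off"
            body = f"{self.requestline}\r\n{self.headers}".encode() if echo else b""
            self.send_response(200 if echo else 405)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    for echo in (True, False):
        srv = start_demo_server(echo)
        print("echo" if echo else "405", probe_trace("127.0.0.1", srv.server_port))
        srv.shutdown()
```

Run against your own hosts after each config change; an "inconclusive" verdict usually means a proxy or redirect answered instead of httpd and needs a manual look.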