Support Forum

Running Lion 10.7.5, how to disable SSLv2 and use only RC4 ciphers to solve vulnerability found in PCI compliance vulnerability scan.

This is what the scan report told me to do. Is this even a problem that can be solved in a browser? I have Akamai installed on my Mac and they say that may be giving a false problem concerning the SSLv2. I have no idea how to change the ciphers used.

Additional System Details

Installed Plug-ins

  • Java Plug-In 2 for NPAPI Browsers
  • Shockwave Flash 11.6 r602
  • Office Live Update v1.0
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.
  • The Flip4Mac WMV Plugin allows you to view Windows Media content using QuickTime.

Application

  • Firefox 19.0
  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:19.0) Gecko/20100101 Firefox/19.0
  • Support URL: http://support.mozilla.org/1/firefox/19.0/Darwin/en-US/

Extensions

  • Troubleshooter 1.0a (troubleshooter@mozilla.org)
  • Adobe Acrobat - Create PDF 1.0 (web2pdfextension@web2pdf.adobedotcom) (Inactive)

jscher2000
  • Top 10 Contributor
2376 solutions 21036 answers

Generally speaking, changes required for PCI compliance are changes you would make on your web server and not on your browser.

Firefox stopped using SSLv2 in Firefox 2. See: https://developer.mozilla.org/en-US/docs/Security_in_Firefox_2

There are some sites that help you test for SSLv2 support on your server. This one came up in a search: http://foundeo.com/products/iis-weak-.../test.cfm.

Hope this helps.
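As an added illustration (not part of the reply above): a server-side SSLv2 check of the kind such test sites perform sends an SSLv2 CLIENT-HELLO to the listening port and looks for an SSLv2 SERVER-HELLO in return. The function names and sample replies are constructed for this sketch, and it assumes you run `probe` only against a server you operate.

```python
import socket
import struct

# SSLv2 cipher kinds (3 bytes each) offered in the hello.
SSL2_RC4_128_WITH_MD5 = bytes.fromhex("010080")
SSL2_DES_192_EDE3_CBC_WITH_MD5 = bytes.fromhex("0700c0")

def build_sslv2_client_hello(challenge=bytes(16)):
    """Build an SSLv2 CLIENT-HELLO record with a 2-byte header."""
    ciphers = SSL2_RC4_128_WITH_MD5 + SSL2_DES_192_EDE3_CBC_WITH_MD5
    # msg type 1, version 0x0002, cipher-spec len, session-id len, challenge len
    body = struct.pack(">BHHHH", 0x01, 0x0002, len(ciphers), 0, len(challenge))
    body += ciphers + challenge
    # High bit set marks a 2-byte record header; low 15 bits are the length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def speaks_sslv2(reply):
    """True if reply is an SSLv2 SERVER-HELLO offering at least one cipher."""
    if len(reply) < 13 or not reply[0] & 0x80:
        return False  # too short, or a TLS record (alert 0x15, handshake 0x16)
    msg_type, _hit, _cert_type, version, _cert_len, cipher_len, _conn_len = \
        struct.unpack(">BBBHHHH", reply[2:13])
    # A hello with zero ciphers cannot complete a handshake, so it is not counted.
    return msg_type == 0x04 and version == 0x0002 and cipher_len > 0

def probe(host, port=443, timeout=5.0):
    """Send the hello to a listening service; False also covers refused/closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_sslv2_client_hello())
            return speaks_sslv2(s.recv(4096))
    except OSError:
        return False

# Constructed sample replies (not captured traffic).
SAMPLE_SSLV2_SERVER_HELLO = (
    bytes.fromhex("801e")            # record header, 30-byte body
    + bytes.fromhex("040001")        # SERVER-HELLO, no session hit, X.509 cert type
    + bytes.fromhex("0002")          # version SSLv2
    + bytes.fromhex("000000030010")  # cert len 0, cipher len 3, conn-id len 16
    + SSL2_RC4_128_WITH_MD5 + bytes(16)
)
SAMPLE_TLS_ALERT = bytes.fromhex("15030100020228")  # fatal handshake_failure

if __name__ == "__main__":
    print("SSLv2 hello reply ->", speaks_sslv2(SAMPLE_SSLV2_SERVER_HELLO))
    print("TLS alert reply   ->", speaks_sslv2(SAMPLE_TLS_ALERT))
```

The probe needs something listening on the port; a browser that only makes outbound connections exposes nothing for it to reach.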

Question owner

ATT says the modem for household use that I have cannot be configured to use the more secure RC4 cipher and disable SSLv2 settings. Says I need to get a modem designed for business network use. What a nightmare. All I do is go to a pay gateway website and enter in my customer's credit card numbers, which then is deposited into my bank account. Seems this is the same as any credit card purchase I would make online and that ATT should have security for those transactions covered already. The pay gateway site does use RC4, but the scan has failed me because apparently my modem does not. I am not operating an e-commerce website. (I meant to say false POSITIVE in my question above, not false problem.)

jscher2000

I don't know why your modem needs to be compliant, since you are only connecting outwards. Are you working with a merchant services company? They might be able to help clarify the requirements.

Question owner

Thanks so much for your input. The merchant services company I use hired Trustkeeper to do the scans so they can be PCI compliant. I have been "round and round" with Trustwave. They keep repeating what is on the scan report and do not provide any technical support. That is up to me. They keep saying to contact my IT person (which would be me... haha). I will ask Trustwave to answer the question you posed and will also contact the merchant services company, although I imagine they will be clueless.