Running Lion 10.7.5, how to disable sslv2 and use only RC4 ciphers to solve vulnerability found in PCI compliance vulnerability scan.

New User

This is what the scan report told me to do. Is this even a problem that can be solved in a browser? I have Akamai installed on my Mac and they say that may be giving a false problem concerning the SSLv2. I have no idea how to change the ciphers used.

4 REPLIES
Mozilla Support Contributor

Re: Running Lion 10.7.5, how to disable sslv2 and use only RC4 ciphers to solve vulnerability found in PCI compliance vulnerability scan.

Generally speaking, changes required for PCI compliance are changes you would make on your web server and not on your browser.

Firefox stopped using SSLv2 in Firefox 2. See: https://developer.mozilla.org/en-US/docs/Security_in_Firefox_2

There are some sites that help you test for SSLv2 support on your server. This one came up in a search: http://foundeo.com/products/iis-weak-.../test.cfm.

Hope this helps.

New User

Re: Running Lion 10.7.5, how to disable sslv2 and use only RC4 ciphers to solve vulnerability found in PCI compliance vulnerability scan.

ATT says the modem for household use that I have cannot be configured to use the more secure RC4 cipher and disable SSLv2 settings. Says I need to get a modem designed for business network use. What a nightmare. All I do is go to a pay gateway website and enter in my customer's credit card numbers, which then is deposited into my bank account. Seems this is the same as any credit card purchase I would make online and that ATT should have security for those transactions covered already. The pay gateway site does use RC4, but the scan has failed me because apparently my modem does not. I am not operating an e-commerce website. (I meant to say false POSITIVE in my question above, not false problem.)

Mozilla Support Contributor

Re: Running Lion 10.7.5, how to disable sslv2 and use only RC4 ciphers to solve vulnerability found in PCI compliance vulnerability scan.

I don't know why your modem needs to be compliant, since you are only connecting outwards. Are you working with a merchant services company? They might be able to help clarify the requirements.

New User

Re: Running Lion 10.7.5, how to disable sslv2 and use only RC4 ciphers to solve vulnerability found in PCI compliance vulnerability scan.

Thanks so much for your input. The merchant services company I use hired Trustkeeper to do the scans so they can be PCI compliant. I have been "round and round" with Trustwave. They keep repeating what is on the scan report and do not provide any technical support. That is up to me. They keep saying to contact my IT person (which would be me... haha). I will ask Trustwave to answer the question you posed and will also contact the merchant services company, although I imagine they will be clueless.