I've been working on making my server PCI (Payment Card Industry) compliant.

When my site is scanned one of the vulnerabilities reported is that my site 
allows the use of weak SSL ciphers.  

I've been looking through the documentation for jsslutils and 
SSLContextFactory, but I don't understand how I'm supposed to disable the 40 and 
56 bit ciphers.

For reference I'm running on Ubuntu 8.04 LTS, openjdk-1.6, and restlet 1.1.5, 
and my sslContextFactory is com.noelios.restlet.util.DefaultSslContextFactory

Here is the list of weak SSL ciphers supported by the remote server:

Low Strength Ciphers (< 56-bit key)

SSLv3
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2408421

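As an added example (not code from this thread, from Restlet or from jsslutils), the following plain-JSSE filter removes the suites the scanner report above lists, plus single DES and the NULL/anonymous suites, from whatever the JVM supports, and applies the result to an SSLServerSocket built from an SSLContext. The class name, the regular expression and the use of SSLContext.getDefault() are my own choices; in a Restlet deployment the SSLContext would instead be the one your SslContextFactory builds, and where the enabled-suite list is applied depends on the server connector in use, which is not shown here. The JSSE names for the scanner's OpenSSL-style suite names are given in the comments.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

/**
 * Filters JSSE cipher-suite names so that export-grade (40-bit) and
 * single-DES (56-bit) suites are never offered by the server.
 * Added example, not part of the Restlet thread; written for Java 6.
 */
public class StrongCipherSuites {

    // JSSE spellings of the suites in the scanner report:
    //   EXP-RC4-MD5             -> SSL_RSA_EXPORT_WITH_RC4_40_MD5
    //   EXP-DES-CBC-SHA         -> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
    //   EXP-EDH-RSA-DES-CBC-SHA -> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    // Single DES (56-bit) is e.g. SSL_RSA_WITH_DES_CBC_SHA; NULL-encryption
    // and anonymous (unauthenticated DH) suites are also rejected.
    // "_WITH_DES" does not match "_WITH_3DES_", so Triple DES is kept.
    private static final Pattern WEAK = Pattern.compile(
            "_EXPORT|_WITH_DES|_WITH_NULL|_anon_");

    /** True if the suite name carries one of the weak markers above. */
    public static boolean isWeak(String suite) {
        return WEAK.matcher(suite).find();
    }

    /** Returns the entries of 'supported' that are not weak, order preserved. */
    public static String[] strongSubset(String[] supported) {
        List<String> keep = new ArrayList<String>();
        for (String suite : supported) {
            if (!isWeak(suite)) {
                keep.add(suite);
            }
        }
        return keep.toArray(new String[keep.size()]);
    }

    /**
     * Creates a server socket from the given SSLContext and restricts its
     * enabled suites to the strong subset of what the JVM supports.
     */
    public static SSLServerSocket openHardened(SSLContext ctx, int port)
            throws IOException {
        SSLServerSocketFactory factory = ctx.getServerSocketFactory();
        SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(port);
        socket.setEnabledCipherSuites(strongSubset(socket.getSupportedCipherSuites()));
        return socket;
    }

    public static void main(String[] args) throws Exception {
        // Demo only: the JVM default context. In the real deployment use the
        // SSLContext produced by your SslContextFactory instead (assumption).
        SSLContext ctx = SSLContext.getDefault();
        SSLServerSocket socket = openHardened(ctx, 0); // port 0 = ephemeral
        for (String suite : socket.getEnabledCipherSuites()) {
            System.out.println(suite);
        }
        socket.close();
    }
}
```

Running the class prints the suites that remain enabled; none of the printed names should contain EXPORT, WITH_DES, WITH_NULL or anon. A blacklist like this is easy to check against a scanner report, but a whitelist of the suites you actually want (AES with RSA or DHE key exchange, for example) is the more defensive choice because it also excludes suites a newer JVM adds that you have not reviewed.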