I forgot to say: useSSLv2 is off and the other two is on in flags. Regards,
SZ On Thu, Nov 26, 2009 at 10:16 AM, Fastream Technologies <[email protected]> wrote: > Hello, > > I received the below message today: >>Security test for PCI compliance is failing because of weak ciphers on the >>proxy server. Cipher " DES-CBC-SHA", description "Key Exchange: RSA; >>Authentication: RSA; Encryption: DES(56); MAC: SHA1" shows up in the proxy >>server only. > > In the code, > HTTPSSLContext->SslCipherList = "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"; > > I then do, > > SslContext->SslOptions >> sslOpt_NO_SSLv2 >> sslOpt_NO_SSLv3 >> > sslOpt_NO_TLSv1; > > if(!useSSLv2) > SslContext->SslOptions = TSslOptions() << sslOpt_NO_SSLv2; > > if(!useSSLv3) > SslContext->SslOptions = TSslOptions() << sslOpt_NO_SSLv3; > > if(!useTLSv1) > SslContext->SslOptions = TSslOptions() << sslOpt_NO_TLSv1; > > I am not sure what is wrong. Any idea? What should be SslCipherList > for PCI compliance which is important? > > Regards, > > SZ -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
