I recently installed an on-premises 3CX server, and opened up port 5001. During a recent PCI compliance scan, our merchant account administrator failed our scan, because "A service supporting outdated versions of TLS or SSL was detected."
Some background info. If a business processes customer credit cards via the Internet, the merchant account service provider requires the business to be PCI compliant. When a business is PCI compliant, it means the customer credit card information is secure. Otherwise the merchant account provider will cease offering credit card processing to the business.
The PCI scan report follows:
-------------------------------------
IP Address: 70.121.63.xxx (which is our public IP)
Host: 70.121.63.xxx (which is our public IP)
Path:
THREAT REFERENCE
Summary:
Server supports TLS 1.0 protocol
Risk: High (3)
Port: 5001/tcp
Protocol: tcp
Threat ID: misc_tls_tls10
Details: A service supporting outdated versions of TLS or SSL was detected. TLS 1.0 and SSLv3 are affected by known flaws which could allow man-in-the-middle attacks, such as BEAST and POODLE.
Information From Target:
Service: commplex-link
Server accepted TLS 1.0 handshake with TLS_DHE_RSA_WITH_AES_128_CBC_SHA cipher