Search found 14 matches

by wepayonlinejon
2011-07-01 23:47
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

OK, I got 995 working, and it is still serving ssl v2. Sorry. Had to be more clear. Suggestion to use 995 port was not about something that might turn SSL stack magically to SSLv3+ only. It was suggestion to use standard SSL service port instead of putting SSL service on plain text service port. We...
by wepayonlinejon
2011-07-01 22:32
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

OK, I got 995 working, and it is still serving ssl v2. # openssl s_client -ssl2 -connect http://www.wepayonline.net:995 to verify that iis is obeying the registry and not serving ssl 2... # openssl s_client -ssl2 -connect http://www.wepayonline.net:445 v2 is rejected # openssl s_client -ssl3 -connec...
by wepayonlinejon
2011-07-01 20:30
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

I got the source downloaded from svn://hmailserver.com:13600, I assume that is the right place to get it? Gosh it is a little ginormous. Anyway I will have a developer take a look and see if ssl v2 can just be disabled outright from the source. Or setup SSL in hmailserver the old way with stunnel ....
by wepayonlinejon
2011-07-01 20:24
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

I HIGHLY doubt hmail source is hard-coded to disable SSL or ignore registry settings (why the heck would hmail even LOOK at SSL registry settings?) on 110 but have at it. ;) Suppose it is possible however that WINDOWS is ignoring them for 110 but again doubtful it is hmail. But this is almost laugh...
by wepayonlinejon
2011-07-01 19:46
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

I got the source downloaded from svn://hmailserver.com:13600, I assume that is the right place to get it? Gosh it is a little ginormous. Anyway I will have a developer take a look and see if ssl v2 can just be disabled outright from the source.
by wepayonlinejon
2011-07-01 19:34
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

PORT: 110 tcp M PCI Fail Setup firewall to allow connections on 110 port only to trusted addresses or turn of 110 service completely. Setup POP3-over-SSL on 995 port instead setting up encrypted service on plain text service port. If you have developer in house, check hMailServer 5.4 and see if you...
by wepayonlinejon
2011-07-01 19:28
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

I thought of that but using openssl tests # openssl s_client -ssl2 -connect http://www.wepayonline.net:443 passes # openssl s_client -ssl2 -connect http://www.wepayonline.net:110 fails So it isn't anything special by trustwave going on, port 110 is actually serving the cert with ssl2 I am using a g...
by wepayonlinejon
2011-07-01 19:23
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

Do they also tell that you send customer data in plain text? Their scan should show that 25 port is wide open. You are not communicating with your customers via encrypted email services. If you do send customer data there, there is no way remote scan can tell that you don't use S/MIME or PGP There ...
by wepayonlinejon
2011-07-01 18:45
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

OK, well maybe I spoke too soon, the link http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html Addresses the IIS version 2 SSL which I had already fixed and it passed. It was on port 110 that I failed. Anybody? Could it be the fact you use 110 at all be the reason? 110 normally...
by wepayonlinejon
2011-07-01 18:06
Forum: General discussions
Topic: SSL (SSLv2) Weak Cipher Prevention
Replies: 9
Views: 7871

Re: SSL (SSLv2) Weak Cipher Prevention

I am on Server 2008 r2 and I have all the registry settings and I pass the scan on port 443 but not on 110.

Any ideas?
by wepayonlinejon
2011-07-01 17:05
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

OK, well maybe I spoke too soon, the link

http://blog.zenone.org/2009/03/pci-comp ... -weak.html

Addresses the IIS version 2 SSL which I had already fixed and it passed. It was on port 110 that I failed.

Anybody?
by wepayonlinejon
2011-07-01 16:51
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

Re: SSL version 2 PCI Scan Fail

ok, I used the forum search instead of google to check for this already existing. sry

http://www.hmailserver.com/forum/viewto ... 61&start=0
by wepayonlinejon
2011-07-01 16:48
Forum: Feature requests
Topic: SSL version 2 PCI Scan Fail
Replies: 18
Views: 10197

SSL version 2 PCI Scan Fail

First off let me say that hMailServer is like in the top 10 windows applications I have ever used and that it is free is dumbfounding. It is awesome. One small thing though, I just failed a PCI scan and it was the old bugaboo of version 2 SSL. I had to crank on my iis7.5 quite a bit (registry settin...
by wepayonlinejon
2011-06-28 07:07
Forum: Development & alpha discussions
Topic: SSL Help - use existing IIS certificate in hMailServer?
Replies: 5
Views: 15658

Re: SSL Help - use existing IIS certificate in hMailServer?

Thanks for this post, it saved me a bunch of trouble.