I couldn’t pass PCI DSS only because I am using Let’s Encrypt SSLs. All other requirements I pass, but only SSL I fail, because I need a central manager for SSL for enterprise, not only on the main website but on servers too.
I don't think you understand why you failed PCI. Let's Encrypt SSLs are PCI compliant as long as:
TLS 1.2/1.3 is enforced. Strong ciphers are used. The certificate is monitored and renewed properly.
prismweb How then to monitor and update all servers automatically, and enforce strong ciphers and enforce TLS 1.2-1.3?
ecknz Yeah, it will be nice to have a toggle button to enable PCI DSS compliance in Enhance.
Kosta That is a job for the web servers, not for the panel software.
You can do it easily in the LiteSpeed admin dashboard (OLS or LSE).
https://media.webnestify.io/DeFe9/MicOLUQo11.png
You need to tell listeners to disable weak TLS and old ciphers.
webnestify Nice one. I added HSTS into the htaccess file yesterday; I'll do this today, and I think I should pass it now. Well, it would be very nice to have these options in the Security tab on the Enhance panel, to enhance security, let’s say at server level for all kinds of web servers… Anyway, it is an empty tab now. Thank you.
Kosta Would be nice, indeed, but there are way more important things for Enhance to tackle 🙂
webnestify Why don’t the settings for TLS 1.2 and 1.3 persist? I tick them, then a couple of days later nothing is ticked… I’ve been restarting LSE after each change in settings… Any guess?
Only 2 vulnerabilities left to be sorted so far: XSS and the web server (LSE) crashing… nearly there…
Kosta Not sure tbh. On my servers they persist. Are you on v11/v12?
webnestify Only the boxes are not ticked; however, the settings are persistent.. yh
But I don’t know what to type into the ciphers box… I’ve seen it somewhere and I lost the link; there were like ! symbols with : etc.
Any sysadmin playing Dota?
Kosta haven't played in like 8 years lol... I'm currently enjoying supremacy1914. It's like Risk boardgame, but graphical and more detailed resource management.
twest First time I hear about it. Not my type.
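On the question above about what to type into the ciphers box: the `!` and `:` notation is the OpenSSL cipher-list syntax. The sketch below is an added example, not code from anyone in the thread; it expands a cipher string with the OpenSSL build linked into Python and sorts the resulting suites, so a string can be checked before it is pasted into a listener. The sample strings and the `WEAK_MARKERS` list are constructed assumptions, and the web server's own TLS library may expand the same string slightly differently.

```python
import ssl

# Substrings of suite names that a PCI-style scan usually flags.
# Assumed list for this example; align it with your scanner's findings.
WEAK_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXP", "ADH", "AECDH")

# Constructed sample strings. ":" separates entries, "+" means "both
# properties", "!" removes matching suites and blocks re-adding them.
STRICT = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES"
RSA_KEX = "AES128-GCM-SHA256"  # valid, but static RSA key exchange


def expand(cipher_string):
    """Return the suites the local OpenSSL selects, or None if none match."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.2/1.3 only
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return None
    return ctx.get_ciphers()


def audit(cipher_string):
    """Sort the expanded suites into weak / no forward secrecy / ok."""
    suites = expand(cipher_string)
    if suites is None:
        return None
    report = {"weak": [], "no_forward_secrecy": [], "ok": []}
    for suite in suites:
        name = suite["name"]
        is_tls13 = suite["protocol"] == "TLSv1.3"  # always ephemeral key exchange
        if any(marker in name for marker in WEAK_MARKERS):
            report["weak"].append(name)
        elif not is_tls13 and not name.startswith(("ECDHE", "DHE")):
            report["no_forward_secrecy"].append(name)
        else:
            report["ok"].append(name)
    return report


if __name__ == "__main__":
    for label, string in (("STRICT", STRICT), ("RSA_KEX", RSA_KEX)):
        print(label, audit(string))
```

TLS 1.3 suites appear in the output whatever the string says, because OpenSSL configures them separately from the TLS 1.2 cipher list.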