SSL management for whole cluster to pass PCI DSS 4.0

ecknz

Kosta take a look at the Cloudflare docs on implementing PCI DSS at zone level or per hostname if your using their DNS. I'm not sure if you change ciphers and settings required in Enhance they will be overwritten with updates, for that you would need to check with support.

Would be great to see an option in the CLI to enable PCI compliance settings like in Plesk.

Kosta

ecknz yeah will be nice to have toggle button to enable pci DSS compliance in enhance

Kosta

I couldn’t pass pci DSS only because I am using let’s encrypt ssls, all others requirements I pass but only ssl I fail because I need central manager for ssl for enterprise not only on main website but on servers too

prismweb

I don't think you understand why you failed PCI. Let's Encrypt SSLs are PCI compliant as long as:

TLS 1.2/1.3 is enforced.
Strong ciphers are used.
The certificate is monitored and renewed properly.

Kosta

prismweb how then to monitor and update automatically all server and enforce strong ciphers and enforce tls 1.2-1.3

webnestify

Kosta That is job for the webservers, not for the panel software.

You can do it easily in Litespeed admin dashboard (OLS or LSE).

https://media.webnestify.io/DeFe9/MicOLUQo11.png

You need to tell listeners to disable weak TLS and old cyphers.

Kosta

webnestify nice one, I added yesterday HsTS into htaccess file I do this today and. I think I should pass it now.
Well it be very nice to have this options at Security tab on enhance panel to enhance security let’s say at server level for all kind of web servers… anyway is empty tab now
Thank you

webnestify

Kosta Would be nice, indeed, but there are way more important things for Enhance to tackle 🙂

Kosta

webnestify why the settings for tls 1.2 1.3 doesn’t persist? I tick them then couple days later nothing ticket…
I’ve been restarting lse after each change in settings…
Any guess?

Kosta

Only 2 vulnerabilities left to be sorted so far XSS and web server LSE crashing… nearly there…

webnestify

Kosta Not sure tbh. On my servers it persist..Are you on v11/v12 ?

Kosta

webnestify only the boxes are not ticked however settings are persistent.. yh

Kosta

But I don’t know what to type onto chippers box … I’ve seen it somewhere and I lost the link there was like ! Symbols with: etc

Kosta

Any sysadmin playing dota ?

twest

Kosta haven't played in like 8 years lol... I'm currently enjoying supremacy1914. It's like Risk boardgame, but graphical and more detailed resource management.

Kosta

twest first time I hear about it. Not my type