3 replies [Last post]
sterg17's picture
Offline
Joined: 05/20/2009
Juice: 126
Was this information Helpful?

Hello,

I have a live store, that is PCI compliant - which means we get quaterly scans.

In the latest scan, it was reported that ubercart works with SSL SHA1 instead of SHA2. And that the shopping cart needs to be changed to use SHA2.

How can this be done? Is this an upgrade thats going to happen?

longwave's picture
Offline
Joined: 09/20/2008
Juice: 626
Re: SSL not SHA2...currently SHA1...need to be SHA2

This is a configuration issue with your web server, not Ubercart or Drupal.

--
These forums are for general support questions about Ubercart.
Bug reports and feature requests should be posted at http://drupal.org/project/issues/ubercart
Latest API documentation can be found at http://api.ubercart.me/

sterg17's picture
Offline
Joined: 05/20/2009
Juice: 126
i figured as much the

i figured as much

the customer service rep told me it was software, but that made no sense....

going to try and get a new SSL

longwave's picture
Offline
Joined: 09/20/2008
Juice: 626
Re: i figured as much the

The actual SSL certificate isn't the issue. From your description it sounds like the webserver is set up to accept "weak ciphers" which are not acceptable for PCI DSS compliance. Perhaps pointing your hosting company to http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html will help them out, if that's the problem.

--
These forums are for general support questions about Ubercart.
Bug reports and feature requests should be posted at http://drupal.org/project/issues/ubercart
Latest API documentation can be found at http://api.ubercart.me/