This forum is closed to new posts and
responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:
The message is referring to 'weak encryption ', so that likely means it is the ciher setting s not the signature that are at issue. The Doimino server as tended to ship with a variety of strong and weak ciphers, with the idea that the weak ones should be supported in case someone connects with an old browser that doesnt support any of the newer stronger ciphers. My understanding is that PCI says you must not have the weak ciphers availalbe becasuse it is your resonsibiity to make sure that older weaker browsers don't negotiate weak access. See this technote (https://www-304.ibm.com/support/docview.wss?uid=swg21254333) and look at the SSL Ciphers setting in your server document and/or internet sites documents and/or notes.ini settings as described in the technote.
Make sure there are no weak ciphers enabled. E.g., no 56 bit DES or 40 bit RC2 or RC4. If you disable all ciphers that are under 128 bit and The message is referring to encryption, so your signature algorithm is probably not relevant to the error. See this technote (https://www-304.ibm.com/support/docview.wss?uid=swg21254333) and look at the SSL Ciphers setting in your server document and/or internet sites documents and/or notes.ini settings as described in the technote.
Make sure there are no weak ciphers enabled. E.g., no 56 bit DES or 40 bit RC2 or RC4, so everything is 128 bit or higher. And also, make sure that your server.id file does not have one of the old 'International' certs that would only do 40 bit encryption no matter what the rest of the settings said.
Feedback response number WEBB8PZ8ND created by ~Ned Nimfanakonyoopsi on 12/29/2011