Our PCI scans constantly fail against our 2x App server/Gateway. We only have port 443 exposed on the firewall, we are NOT running the port (no IIS), and are enforcing SSL for all our 2x clients. Our scans fail with:

1) Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure
Suggested articles indicate to force RDP over SSL (we are doing that with 2x).

2) TLS Protocol Session Renegotiation Security Vulnerability
Suggested workaround from scan - OpenSSL has provided a version (0.9.8l) that has a workaround. Please refer to OpenSSL Change Log (Changes between 0.9.8k and 0.9.8l Section) to obtain additional details.

Has anyone scanned their 2x gateway for security scans and can anyone get their scans to pass? If so, can you provide which settings you have configured on the OS and on 2x? We have tried updating, uninstall/reinstall, new certs, etc. Running out of options. Thank you.

We have updated OpenSSL to v1.0.1g due to the Heartbleed bug. More information may be found on http://www.2x.com/forums/viewtopic.php?f=3&t=29125