During a recent PCI compliance scan, 4 our our current SSL-Service(s) on the SSL module were scanned and came up with the "SSL Server Supports Weak Encryption Vulnerability". I have checked the configuration and all of our extranet web sites that are hosted on the CSM and have SSL termination at the SSL module appear the same. Also, the private key generated is a 1024 byte key pair. No defined ciphers are in the configuration at this time. Should there be? Is there a white paper on best practices for highest security using the SSL module. We will soon be migrating off to ACE modules, but with PCI compliance currently at hand, we have to mitigate this issue as soon as possible. Thanks.