Hello, our external IP is being tested for PCI compliance and we are failing with the following messages. Does anyone know what needs to be updated or perhaps disabled - it's a Vigor2910.

TCP 443 https 4 Synopsis : The remote service supports the use of weak SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. Note: [More]

TCP 443 https 4 Synopsis : The remote service supports the use of anonymous SSL ciphers. Description : The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a [More]

TCP 443 https 4 Synopsis : The remote service supports the use of medium strength SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently [More]

Have you got remote administration enabled or disabled?

Disabled.

If its disabled and your IP is being scanned externally surely that suggests you have port 443 open and a HTTPS server behind the Draytek that is triggering the result?

Allow management from the Internet is off

There are no ports set up on NAT

There is no DMZ defined

There are no items listed in "open ports"

I don't know where else to look. I've done a portscan from outside and it does not show 443 as open.

Does anyone have any more ideas on this?