[ic] PCI Compliance
Ky Hisberg
kyhis2005 at yahoo.com
Tue Jul 13 13:47:38 UTC 2010
>
> It's not so bad. I added the following to my apache2 config to fix
> some SSL issues:
>
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL
>
> - Grant
Hi Grant,
Who did you use for the PCI DSS Compliance testing? My CC Processor forces me
to use Trustwave, who supposedly is one of, if not the, biggest. They are a pain to
work with.
I have used the setup you suggested but they reject it as non-compliant and will
not give any more info. They say they require SSLProtocol -ALL +SSLv3 +TLSv1.
Do you see any problems with this? Sorry, but I do not trust Trustwave; they
keep finding too many things that are just not on my server, or they reject their
own suggestions as too weak. I found an independent website to test for SSLv2 and
SSLv3 and they say we no longer use SSLv2, but Trustwave wants more. I certainly
do not want to lose customers, but it sounds like most new browsers can handle
SSLv3. Any thoughts?
Thank you
Kyle
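
The two SSLProtocol lines from this thread, evaluated side by side in an added example that is not part of either poster's message. It assumes Apache 2.2-era mod_ssl, where "all" stands for SSLv2, SSLv3 and TLSv1 and tokens are applied left to right; the function names are hypothetical.

```python
# Added example: models how SSLProtocol tokens fold into a set of enabled protocols.
# Assumption: Apache 2.2-era mod_ssl, where "all" means SSLv2 + SSLv3 + TLSv1.
KNOWN = {"sslv2": {"SSLv2"}, "sslv3": {"SSLv3"}, "tlsv1": {"TLSv1"}}
KNOWN["all"] = {"SSLv2", "SSLv3", "TLSv1"}


def resolve_ssl_protocol(directive_args):
    """Return the protocols left enabled by an SSLProtocol argument string."""
    enabled = set()  # evaluation starts with nothing enabled
    for token in directive_args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[1:] if action else token
        try:
            protos = KNOWN[name.lower()]  # names are matched case-insensitively
        except KeyError:
            raise ValueError(f"unknown protocol {name!r}") from None
        if action == "-":
            enabled -= protos
        elif action == "+":
            enabled |= protos
        else:
            enabled = set(protos)  # a bare name replaces whatever was set before
    return enabled


def audit(directive_args):
    """Resolve the directive and list protocol-level findings for it."""
    enabled = resolve_ssl_protocol(directive_args)
    findings = []
    if "SSLv2" in enabled:
        findings.append("SSLv2 enabled")
    if not enabled:
        findings.append("no protocol enabled")
    return enabled, findings


if __name__ == "__main__":
    # The first two lines are the directives quoted in the thread; the last two
    # are constructed to show a missing exclusion and a token-ordering mistake.
    for args in ("all -SSLv2", "-ALL +SSLv3 +TLSv1", "all", "-SSLv2 all"):
        enabled, findings = audit(args)
        print(f"SSLProtocol {args:<20} -> {sorted(enabled)} {findings or 'ok'}")
```

Under these assumptions both directives from the thread resolve to SSLv3 plus TLSv1, so they differ only in spelling, not in the protocols offered.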