[ic] PCI Compliance

Ky Hisberg kyhis2005 at yahoo.com
Tue Jul 13 13:47:38 UTC 2010


>

> It's not so bad.  I added the following to my apache2 config to fix
> some SSL issues:
>
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL
>
> - Grant

Hi Grant,

Who did you use for the PCI DSS Compliance testing?  My CC Processor forces me
to use Trustwave, who supposedly is one of, if not the, biggest.  They are a pain to
work with.


I have used the setup you suggested but they reject it as non-compliant and will
not give any more info.  They say they require SSLProtocol -ALL +SSLv3 +TLSv1.
Do you see any problems with this?  Sorry but I do not trust Trustwave; they
keep finding too many things that are just not on my server, or they reject their
own suggestions as too weak.  I found an independent website to test for SSLv2 and
SSLv3 and they say we no longer use SSLv2 but Trustwave wants more.  I certainly
do not want to lose customers but it sounds like most new browsers can handle
the SSLv3.  Any thoughts?

Thank you

Kyle
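
Added example, not part of the original message or of Interchange: a small Python evaluator for the two SSLProtocol lines quoted in this thread, showing which protocols each one leaves enabled. It assumes the Apache 2.2-era meaning of "all" (SSLv2 + SSLv3 + TLSv1) and that an unprefixed name replaces the current set; the function names are hypothetical.

```python
# Added example: evaluates an Apache mod_ssl SSLProtocol directive.
# Assumption: Apache 2.2-era semantics, where "all" means SSLv2 + SSLv3 + TLSv1.
KNOWN = ("SSLv2", "SSLv3", "TLSv1")
ALIASES = {name.lower(): {name} for name in KNOWN}
ALIASES["all"] = set(KNOWN)


def enabled_protocols(directive):
    """Return the set of protocols an SSLProtocol line leaves enabled."""
    words = directive.split()
    if words and words[0].lower() == "sslprotocol":
        words = words[1:]
    enabled = set()
    for word in words:
        action = word[0] if word[0] in "+-" else ""
        name = (word[1:] if action else word).lower()
        if name not in ALIASES:
            raise ValueError("unknown protocol token: %r" % word)
        if action == "-":
            enabled -= ALIASES[name]
        elif action == "+":
            enabled |= ALIASES[name]
        else:
            # Assumption: an unprefixed name replaces the current set.
            enabled = set(ALIASES[name])
    return enabled


def compare(first, second):
    """Report both protocol sets and whether either still allows SSLv2."""
    a, b = enabled_protocols(first), enabled_protocols(second)
    return {
        "first": sorted(a),
        "second": sorted(b),
        "same_protocols": a == b,
        "sslv2_enabled": "SSLv2" in (a | b),
    }


if __name__ == "__main__":
    # The two directives quoted in this thread.
    print(compare("SSLProtocol all -SSLv2", "SSLProtocol -ALL +SSLv3 +TLSv1"))
```

Under those assumptions both directives leave the same protocols enabled: SSLv3 and TLSv1.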



      