[ic] PCI Compliance
IC Support
ic_support at mnwebdesign.com
Wed Jul 14 23:11:43 UTC 2010
On Tuesday 13 July 2010 14:47:38 Ky Hisberg wrote:
> > It's not so bad. I added the following to my apache2 config to fix
> > some SSL issues:
> >
> > SSLProtocol all -SSLv2
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL
> >
> > - Grant
>
> Hi Grant,
>
> Who did you use for the PCI DSS Compliance testing? My CC Processor forces
> me to use Trustwave, who supposedly is one if not the biggest. They are a
> pain to work with.
>
>
> I have used the setup you suggested but they reject it as Non-compliant and
> will not give any more info. They say they require SSLProtocol -ALL
> +SSLv3 +TLSv1. Do you see any problems with this? Sorry but I do not trust
> Trustwave, they keep finding too many things that are just not on my
> server, or they reject their own suggestions as too weak. I found an
> independent Website to test for SSLv2 and SSLv3 and they say we no longer
> use SSLv2 but Trustwave wants more. I certainly do not want to lose
> customers but it sounds like most new Browsers can handle the SSLv3. Any
> thoughts?
>
> Thank you
>
> Kyle
>
>This one passes with Comodo (note that medium is disallowed):
>SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:+SSLv3:!EXP:!eNULL:!aNULL
>
>Cheers
>Lyn
I have tried many combinations, but my apache 1.3.41 config needed this to
pass PCI compliance:
SSLProtocol -ALL +TLSv1 +SSLv3
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!EXPORT:!MEDIUM:!LOW
I use DirectAdmin to manage virtual hosts and I also had to put that in the
apache config file for each individual domain that used SSL. Until I did
this, I continued to fail.
Good luck!
Curt
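The thread shows three SSLCipherSuite strings and two SSLProtocol values, and Curt's point that every per-domain config must carry the passing directives. The script below is an added example, not code from the interchange-users thread or from Interchange itself: it evaluates SSLProtocol values the way Apache 2.2 mod_ssl documents them ("all" meaning +SSLv2 +SSLv3 +TLSv1), and for an SSLCipherSuite string reports whether each weak OpenSSL cipher class that Curt's passing config kills (SSLv2, ADH, aNULL, eNULL, EXPORT, LOW, MEDIUM) is killed with `!`, merely removed with `-` (which a later rule can undo), or not excluded at all. It then walks an httpd.conf-style text and reports per `<VirtualHost>`, so a DirectAdmin-style tree of per-domain configs can be checked before the next scanner run. The sample config, the vhost address and the server name are constructed for the example; which settings a particular scanner accepts remains that scanner's policy, and only rules that name a class explicitly (or `ALL`) change its status here.

```python
"""Static lint for Apache mod_ssl SSLProtocol / SSLCipherSuite directives.

Added example, not code from the interchange-users thread. It evaluates the
directive values as Apache 2.2 mod_ssl and OpenSSL cipher strings define them,
so every per-vhost config can be checked before the next scanner run.
"""
import re

# Apache 2.2 mod_ssl documents "all" as shorthand for +SSLv2 +SSLv3 +TLSv1
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}
CANONICAL = {p.lower(): p for p in ALL_PROTOCOLS}

# OpenSSL cipher-string classes that the thread's passing config kills
WEAK_CLASSES = ("SSLv2", "ADH", "aNULL", "eNULL", "EXPORT", "LOW", "MEDIUM")
ALIASES = {"EXP": "EXPORT", "NULL": "eNULL"}  # OpenSSL spellings of the same class


def parse_ssl_protocol(value):
    """Return the set of protocols an SSLProtocol value enables.

    Tokens are 'all', 'SSLv2', 'SSLv3' or 'TLSv1' (case-insensitive), with an
    optional '+' (enable) or '-' (disable) prefix; a bare token enables.
    """
    enabled = set()
    for tok in value.split():
        op, name = (tok[0], tok[1:]) if tok[:1] in ("+", "-") else ("+", tok)
        if name.lower() == "all":
            names = set(ALL_PROTOCOLS)
        elif name.lower() in CANONICAL:
            names = {CANONICAL[name.lower()]}
        else:
            raise ValueError("unknown SSLProtocol token: %r" % tok)
        if op == "+":
            enabled = enabled | names
        else:
            enabled = enabled - names
    return enabled


def cipher_class_status(value):
    """Say how an SSLCipherSuite string treats each weak cipher class.

    OpenSSL rule semantics: '!' kills a class permanently, '-' removes it but a
    later bare rule can add it back, '+' only reorders ciphers already in the
    list, and a bare keyword adds; 'ALL' adds every class except eNULL.
    Only rules naming a class explicitly (or ALL) change its status.
    Returns class -> 'killed' | 'removed' | 'not excluded'.
    """
    status = {cls: "not excluded" for cls in WEAK_CLASSES}
    for rule in value.split(":"):
        op = rule[0] if rule[:1] in ("!", "-", "+") else ""
        # a rule can AND several keywords together, e.g. RC4+RSA
        keywords = {ALIASES.get(k, k) for k in rule.lstrip("!-+").split("+")}
        for cls in WEAK_CLASSES:
            if status[cls] == "killed":
                continue  # '!' cannot be undone by later rules
            if op == "!" and cls in keywords:
                status[cls] = "killed"
            elif op == "-" and cls in keywords:
                status[cls] = "removed"
            elif op == "" and (cls in keywords or ("ALL" in keywords and cls != "eNULL")):
                status[cls] = "not excluded"
    return status


def findings(protocol_value, cipher_value):
    """Collect what a reviewer would flag in an (SSLProtocol, SSLCipherSuite) pair."""
    out = []
    if "SSLv2" in parse_ssl_protocol(protocol_value):
        out.append("SSLProtocol enables SSLv2")
    for cls, state in cipher_class_status(cipher_value).items():
        if state != "killed":
            out.append("cipher class %s is %s (no '!%s')" % (cls, state, cls))
    return out


DIRECTIVE = re.compile(r"^\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", re.I)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)


def check_config(text):
    """Walk an httpd.conf-style text and report findings per scope (global or vhost)."""
    report, state = {}, {"scope": "global", "directives": {}}

    def flush():
        d = state["directives"]
        if "SSLProtocol" in d and "SSLCipherSuite" in d:
            report[state["scope"]] = findings(d["SSLProtocol"], d["SSLCipherSuite"])
        state["directives"] = {}

    for line in text.splitlines():
        m = VHOST_OPEN.match(line)
        if m:
            flush()
            state["scope"] = m.group(1)
            continue
        if VHOST_CLOSE.match(line):
            flush()
            state["scope"] = "global"
            continue
        m = DIRECTIVE.match(line)
        if m:
            key = "SSLProtocol" if m.group(1).lower() == "sslprotocol" else "SSLCipherSuite"
            state["directives"][key] = m.group(2)
    flush()
    return report


# Constructed sample: the global section carries Grant's directives from the
# thread, the vhost (address and name made up for the example) carries Curt's.
SAMPLE_CONF = """\
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    SSLProtocol -ALL +TLSv1 +SSLv3
    SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!EXPORT:!MEDIUM:!LOW
</VirtualHost>
"""

if __name__ == "__main__":
    for scope, items in check_config(SAMPLE_CONF).items():
        print(scope, "->", items or ["no findings"])
```

Run against the sample, the vhost with Curt's directives produces no findings, while the global section with Grant's string is flagged on six classes: SSLv2, eNULL, EXPORT and LOW are only removed with `-`, and aNULL and MEDIUM are not excluded at all (`!EXPORT56` names a sub-class, so it does not count as killing EXPORT). The `!` versus `-` distinction is the part worth remembering: `ALL:-LOW:LOW` re-enables LOW, `ALL:!LOW:LOW` does not.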