[ic] PCI Compliance

Lyn St George lyn at zolotek.net
Wed Jul 14 08:27:44 UTC 2010

On Tuesday 13 July 2010 14:47:38 Ky Hisberg wrote:
> > It's not so bad.  I added the following to my apache2 config to fix
> > some SSL issues:
> >
> > SSLProtocol all -SSLv2
> > SSLCipherSuite
> >
> > - Grant
> Hi Grant,
> Who did you use for the PCI DSS Compliance testing?  My CC Processor forces
>  me to use Trustwave, who supposedly is one if not the biggest.  They are a
>  pain to work with.
> I have used the setup you suggested but they reject it as Non-compliant and
>  will not give any more info.  They say they require SSLProtocol -ALL
>  +SSLv3 +TLSv1 Do you see any problems with this.  Sorry but I do not trust
>  Trustwave, they keep finding to many things that are just not on my
>  server, or they reject their own suggestions as to weak.  I found a
>  independent Website to test for SSLv2 and SSLv3 and they say we no longer
>  use SSLv2 but Trustwave wants more.  I certainly do not want to loose
>  customers but it sounds like most new Browsers can handle the SSLv3.  Any
>  thoughts?
> Thank you
> Kyle

This one passes with Comodo (note that medium is disallowed):


More information about the interchange-users mailing list