[ic] PCI Compliance

NEST @ Yahoo nest_consulting at yahoo.ca
Wed Jul 14 13:02:16 UTC 2010

> It's not so bad.  I added the following to my apache2 config to fix
> some SSL issues:
> SSLProtocol all -SSLv2
> SSLCipherSuite
> - Grant

Hi Grant,

Who did you use for the PCI DSS Compliance testing?  My CC Processor forces
me to use Trustwave, who supposedly is one if not the biggest.  They are a
pain to work with.  

I have used the setup you suggested but they reject it as Non-compliant and
will not give any more info.  They say they require SSLProtocol -ALL +SSLv3
+TLSv1  Do you see any problems with this.  Sorry but I do not trust
Trustwave, they keep finding to many things that are just not on my server,
or they reject their own suggestions as to weak.  I found a independent
Website to test for SSLv2 and SSLv3 and they say we no longer use SSLv2 but
Trustwave wants more.  I certainly do not want to loose customers but it
sounds like most new Browsers can handle the SSLv3.  Any thoughts?

Thank you



Hi Kyle,

I use McAfee, reporting is extremely detailed AND provides the solutions! I
always solved all issues at 1st round!

Martin H.
N.E.S.T. Solutions

More information about the interchange-users mailing list