[ic] PCI Compliance
NEST @ Yahoo
nest_consulting at yahoo.ca
Wed Jul 14 13:02:16 UTC 2010
> It's not so bad. I added the following to my apache2 config to fix
> some SSL issues:
> SSLProtocol all -SSLv2
> - Grant
Who did you use for the PCI DSS Compliance testing? My CC Processor forces
me to use Trustwave, who supposedly is one if not the biggest. They are a
pain to work with.
I have used the setup you suggested but they reject it as Non-compliant and
will not give any more info. They say they require SSLProtocol -ALL +SSLv3
+TLSv1 Do you see any problems with this. Sorry but I do not trust
Trustwave, they keep finding to many things that are just not on my server,
or they reject their own suggestions as to weak. I found a independent
Website to test for SSLv2 and SSLv3 and they say we no longer use SSLv2 but
Trustwave wants more. I certainly do not want to loose customers but it
sounds like most new Browsers can handle the SSLv3. Any thoughts?
I use McAfee, reporting is extremely detailed AND provides the solutions! I
always solved all issues at 1st round!
More information about the interchange-users