[ic] PCI Compliance

IC Support ic_support at mnwebdesign.com
Wed Jul 14 23:11:43 UTC 2010

On Tuesday 13 July 2010 14:47:38 Ky Hisberg wrote:
> > It's not so bad.  I added the following to my apache2 config to fix
> > some SSL issues:
> >
> > SSLProtocol all -SSLv2
> > SSLCipherSuite
> >
> > - Grant
> Hi Grant,
> Who did you use for the PCI DSS Compliance testing?  My CC Processor
>  me to use Trustwave, who supposedly is one if not the biggest.  They are
>  pain to work with.
> I have used the setup you suggested but they reject it as Non-compliant
>  will not give any more info.  They say they require SSLProtocol -ALL
>  +SSLv3 +TLSv1 Do you see any problems with this?  Sorry but I do not
>  Trustwave, they keep finding too many things that are just not on my
>  server, or they reject their own suggestions as too weak.  I found a
>  independent Website to test for SSLv2 and SSLv3 and they say we no longer
>  use SSLv2 but Trustwave wants more.  I certainly do not want to lose
>  customers but it sounds like most new Browsers can handle the SSLv3.  Any
>  thoughts?
> Thank you
> Kyle

>This one passes with Comodo (note that medium is disallowed):

I have tried many combinations, but my apache 1.3.41 config needed this to
pass PCI compliance:

SSLProtocol -ALL +TLSv1 +SSLv3

I use DirectAdmin to manage virtual hosts and I also had to put that in the
apache config file for each individual domain that used SSL. Until I did
this, I continued to fail.

Good luck!
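
An added example, not part of the original thread: a small audit that evaluates each SSL virtual host's own SSLProtocol line and reports hosts that have none or that still enable SSLv2, the per-domain problem described in the message above. The host names, addresses and the meaning of "all" (SSLv2, SSLv3 and TLSv1) are assumptions made for the example.

```python
import re

KNOWN = {"sslv2": "SSLv2", "sslv3": "SSLv3", "tlsv1": "TLSv1"}  # "all" assumed to mean these

def enabled_protocols(value):
    """Evaluate SSLProtocol tokens left to right: +add, -remove, bare name replaces."""
    enabled = set()
    for token in value.split():
        sign = token[0] if token[0] in "+-" else ""
        bare = token.lstrip("+-")
        # Names outside KNOWN are kept as written rather than rejected.
        group = set(KNOWN.values()) if bare.lower() == "all" else {KNOWN.get(bare.lower(), bare)}
        enabled = (enabled | group) if sign == "+" else (enabled - group) if sign == "-" else group
    return enabled

def audit_vhosts(config_text, forbidden=("SSLv2",)):
    """Return (server, problem) for each SSL vhost without a safe SSLProtocol of its own."""
    findings, vhost = [], None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if (opened := re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)):
            # Until a ServerName is seen, the listen address identifies the vhost.
            vhost = {"servername": opened.group(1), "sslengine": "off", "sslprotocol": None}
        elif line.lower().startswith("</virtualhost") and vhost:
            proto = vhost["sslprotocol"]
            bad = sorted(enabled_protocols(proto) & set(forbidden)) if proto else []
            if vhost["sslengine"].lower() == "on" and (bad or proto is None):
                problem = "enables " + ", ".join(bad) if bad else "no SSLProtocol in this vhost"
                findings.append((vhost["servername"], problem))
            vhost = None
        elif vhost is not None and not line.startswith("#"):
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() in vhost:
                vhost[parts[0].lower()] = parts[1].strip()
    return findings

# Constructed sample configuration (hypothetical hosts and addresses).
SAMPLE = """<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    SSLEngine on
    SSLProtocol -ALL +TLSv1 +SSLv3
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName old.example.com
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    ServerName legacy.example.com
    SSLEngine on
    SSLProtocol all
</VirtualHost>"""
```

Calling audit_vhosts(SAMPLE) lists old.example.com (no directive of its own) and legacy.example.com (still enables SSLv2); pass a different forbidden tuple to check against a stricter scanner policy.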

