Apache configuration to become PCI compliant

1124415 pts.
Tags:
Apache
PCI compliance
PCI DSS
For Apache, we need to make sure of PCI compliance by limiting mod_ssl to SSLv3 and TLSv1 (and also ensuring long keys). We've tried the below configuration but combos of the SSLv2 are still valid.
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
Is there a way completely disable the SSLv2 to become PCI compliant?
0

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Kevin Beaver
    This command addresses the cipher suites. Do you also have one of the following config statements?:
    SSLProtocol all -SSLv2
    SSLProtocol +TLSv1
    27,435 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: