
PCI Compliance – Disabling SSL v2


If your ecommerce application accepts credit card numbers and you host with a reputable provider, you are most likely familiar with becoming PCI compliant. Without getting into a debate over the policies and motives behind the requirements, one thing you must do is disable SSL version 2, which has multiple documented vulnerabilities. Assuming you're using Apache, you can do so with the following:

SSLProtocol ALL -SSLv2
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
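
An added example, not from the original post: a small Python check that reads Apache configuration text and reports every SSLProtocol line that still leaves SSLv2 enabled. It assumes that "all" expands to SSLv2, SSLv3 and TLSv1 (a build with SSLv2 compiled in) and that a name without a +/- prefix replaces the set built so far; the function names and the sample configuration are constructed for illustration.

```python
import re

# Assumption: what "all" expands to on a mod_ssl build with SSLv2 compiled in.
ALL_PROTOCOLS = frozenset({"SSLv2", "SSLv3", "TLSv1"})
_CANON = {p.lower(): p for p in ALL_PROTOCOLS}

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right; return enabled set."""
    enabled = set()
    for token in args.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        if name.lower() == "all":
            group = set(ALL_PROTOCOLS)
        elif name.lower() in _CANON:
            group = {_CANON[name.lower()]}
        else:
            raise ValueError(f"unknown protocol {name!r}")
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group  # assumption: a bare name replaces the set
    return enabled

def audit(config_text):
    """Return (line number, directive) for SSLProtocol lines allowing SSLv2."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m and "SSLv2" in effective_protocols(m.group(1)):
            findings.append((lineno, line.strip()))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
<VirtualHost *:443>
    SSLProtocol all
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol ALL -SSLv2
</VirtualHost>
<VirtualHost *:9443>
    SSLProtocol -SSLv2 all
</VirtualHost>
"""

if __name__ == "__main__":
    for lineno, directive in audit(SAMPLE):
        print(f"line {lineno}: SSLv2 still enabled by '{directive}'")
```

The third virtual host shows why argument order matters under that assumption: the bare all after -SSLv2 resets the set and brings SSLv2 back.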

Don @ November 9, 2008
