Thursday, February 19, 2009

[Security] PCI Compliance... Securing your network or Securing your fate?

PCI compliance... What is there to say other than it sucks? Anyone who has ever wanted to accept credit cards through a merchant account has had to deal with this and feels my pain (if they are using a few specific PCI compliance vendors, that is).

To quell the PCI that ails you, here are the registry modifications that I have implemented in order to pass the new "increased security" PCI compliance requirements.

You can download a .txt version of the registry entries here.

Basically you have to disable every cipher on the system except Triple DES, and disable the MD5 hash, PCT 1.0, and SSL 2.0. The MD5 restriction and the cipher restriction (everything other than Triple DES 168/168) are the new parts. The problem is that last October PCI compliance only required you to be using SSL 3.0/TLS 1.0; the new requirements apparently require not only that you use SSL 3.0/TLS 1.0 but also that you disable the weaker ciphers those protocols support. By "weaker" I mean anything below 56-bit. Here's the problem with that: some 128-bit ciphers also trigger this PCI compliance failure.
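The registry changes described above live under SChannel's `Ciphers`, `Hashes` and `Protocols` keys. The script below is an added example, not the post's own .txt registry file: it applies the same allow-list (Triple DES only, no MD5, no PCT 1.0, no SSL 2.0) through the documented SChannel `Enabled` values and then audits what is actually set. It assumes an elevated PowerShell 3 or later session on a Windows host that uses SChannel, the Server 2003/2008-era subkey names (the `Triple DES 168/168` name is the older one; later Windows versions use `Triple DES 168`), and a reboot afterwards, since SChannel reads these keys at startup.

```powershell
# Added example (not the post's registry file): enforce the cipher/hash/protocol allow-list
# from the post via SChannel registry keys, with a dry-run switch and an audit function.
# Assumptions: elevated session, PowerShell 3+, SChannel key layout as documented for the
# Windows 2003/2008 era. SChannel only reloads these settings after a reboot.

$SchannelPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Policy matching the post. Held as data so a stronger, current allow-list can be swapped in.
$Policy = @{
    Ciphers   = @{ Disable = @('NULL', 'DES 56/56', 'RC2 40/128', 'RC2 56/128', 'RC2 128/128',
                               'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128')
                   Enable  = @('Triple DES 168/168') }   # 'Triple DES 168' on later Windows
    Hashes    = @{ Disable = @('MD5');                Enable = @('SHA') }
    Protocols = @{ Disable = @('PCT 1.0', 'SSL 2.0'); Enable = @('SSL 3.0', 'TLS 1.0') }
}

function Get-SchannelSubKeyPath {
    param([string]$Category, [string]$Name)
    # Protocols carry Client/Server subkeys; the merchant-facing listener is the Server side.
    if ($Category -eq 'Protocols') { "$SchannelPath\Protocols\$Name\Server" }
    else                           { "$SchannelPath\$Category\$Name" }
}

function Set-SchannelEnabled {
    param([string]$Category, [string]$Name, [bool]$Enabled, [switch]$DryRun)
    $subPath = Get-SchannelSubKeyPath $Category $Name
    # SChannel expects DWORD 0xFFFFFFFF for enabled and 0 for disabled; -1 stored as DWORD is 0xFFFFFFFF.
    $value = if ($Enabled) { -1 } else { 0 }
    if ($DryRun) { Write-Host "Would set HKLM\$subPath\Enabled = $value"; return }
    # Cipher names contain '/', which the HKLM: provider treats as a path separator,
    # so the .NET registry API is used instead of New-Item / New-ItemProperty.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($subPath)
    try     { $key.SetValue('Enabled', [int]$value, [Microsoft.Win32.RegistryValueKind]::DWord) }
    finally { $key.Close() }
}

function Get-SchannelState {
    param([hashtable]$Policy)
    # Reports each policy item as Enabled, Disabled, or NotSet (SChannel's built-in default applies).
    foreach ($category in $Policy.Keys) {
        foreach ($action in 'Disable', 'Enable') {
            foreach ($name in $Policy[$category][$action]) {
                $subPath = Get-SchannelSubKeyPath $category $name
                $key   = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subPath)
                $state = 'NotSet'
                if ($key) {
                    $v = $key.GetValue('Enabled')
                    if ($null -ne $v) { $state = if ($v -eq 0) { 'Disabled' } else { 'Enabled' } }
                    $key.Close()
                }
                [pscustomobject]@{ Category = $category; Name = $name; Wanted = $action; State = $state }
            }
        }
    }
}

function Invoke-SchannelPolicy {
    param([hashtable]$Policy, [switch]$DryRun)
    foreach ($category in $Policy.Keys) {
        foreach ($name in $Policy[$category].Disable) { Set-SchannelEnabled $category $name $false -DryRun:$DryRun }
        foreach ($name in $Policy[$category].Enable)  { Set-SchannelEnabled $category $name $true  -DryRun:$DryRun }
    }
}

# Dry run first, then apply and audit; reboot before re-running the compliance scan.
Invoke-SchannelPolicy -Policy $Policy -DryRun
Invoke-SchannelPolicy -Policy $Policy
Get-SchannelState -Policy $Policy | Format-Table -AutoSize
```

Run the audit once before applying to record the starting state, and again after the reboot to confirm that every `Disable` entry reads `Disabled` and every `Enable` entry reads `Enabled`; an item still showing `NotSet` means SChannel's default for that algorithm is in force, which is exactly what a scanner will flag. The allow-list is kept as data rather than hard-coded because the 2009 set is tied to that year's scanner rules: on current systems Triple DES and TLS 1.0 are themselves deprecated, so the same script would be run with an AES/TLS 1.2-or-later policy instead.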

So, hopefully the link above works (I've never used aDrive before, but it's free) and you'll be able to make use of it. If the link fails at some point, I guess I'll find another host for it. It's very useful.

Take care,
B
