PCI DSS Compliance Part 2 - Weak SSL And Ciphers

The next stop on our PCI DSS Compliance tour is disabling weak SSL versions and encryption ciphers. If your site is handling credit card payments, it is undoubtedly using HTTPS for at least the pages that collect payment information. I thought I had already taken care of this item, but I was apparently mistaken. Fortunately, this is pretty easy to fix, and if you're on Windows, I've even cooked up a quick and easy registry file for you to use.


Comments

Thanks for posting this. I remember making these registry changes on my old Win Server 2003 box but could not remember the details when I had to make the same changes to my new Win Server 2008 box. I almost expected Server 2008 to have SSL 2.0 off by default, but I guess not.
# Posted By John Sieber | 2/17/10 3:29 PM

