Home → Managed Services → Server Administration → Apache SSL PCI Compliance

1.2. Apache SSL PCI Compliance

SYMPTOMS:

PCI Compliance scans shows Apache is not PCI Compliant in the area of SSL

RESOLUTION:

Edit httpd.conf, httpd.conf.tmpl.custom, and check the various lserver et all Apache configuration files as appropriate to add/modify the following:

SSLOptions +StrictRequire
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Then restart Apache.

Testing that SSLv2 is Disabled

openssl s_client -connect HOSTNAME:PORT -ssl2

If you receive the certificate and a ton of other lines, you still have SSLv2 enabled. Otherwise, if you receive anything like these you're fine:

CONNECTED(00000005)
write:errno=54

This page was: Helpful | Not Helpful

← Apache disk utilization issues as user and site numbers increase Control Panel Service →

Dynamic Net Help Desk

1.2. Apache SSL PCI Compliance