2012-01-25

PCI Compliant Apache2 SSL Configuration

In recent trials, I have encountered a need to update the configuration for Apache to conform to PCI compliance. More information on Apache's configuration with SSL can be found here. The configuration you can use to have PCI-compliant SSL for Apache is:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3:!ADH

Breakdown:
"HIGH:MEDIUM": This will enable Apache for the seven strongest algorithms used for encryption.
"+TLSv1": Enable TLS version 1 encryption.
"!SSLv2": Disable the weaker SSL version 2 encryption.
"+SSLv3": Enable the stronger SSL version 3 encryption.
"!ADH": Disable the ADH versions of encryption, which are weaker algorithms.
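
To audit a server's configuration against the two directives above, the sketch below (an added example, not code from the original post) resolves the protocol set that an SSLProtocol line leaves enabled and labels each SSLCipherSuite token with the action its leading operator has in the OpenSSL cipher-list format. The sample vhost fragment, the function names and the expansion of "ALL" are assumptions made for the example.

```python
import re

# Constructed sample: the post's two directives inside a minimal vhost.
SAMPLE_CONF = """\
<VirtualHost *:443>
    # SSLProtocol all
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3:!ADH
</VirtualHost>
"""

# Assumption: what "ALL" expands to on the mod_ssl build being audited.
ALL_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1")

# Leading operators of the OpenSSL cipher-list format.
CIPHER_OPS = {"!": "remove permanently", "-": "remove", "+": "move to end of list"}

def directive(conf, name):
    """Argument string of the last uncommented `name` line (no context handling)."""
    value = None
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == name.lower():
            value = parts[1].strip()
    return value

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: +X adds, -X removes, bare X replaces."""
    groups = {p.lower(): {p} for p in ALL_PROTOCOLS}
    groups["all"] = set(ALL_PROTOCOLS)
    enabled = set()
    for tok in args.split():
        op, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = groups[name.lower()]  # KeyError on a protocol name not listed above
        if op == "+":
            enabled |= group
        else:
            enabled = enabled - group if op == "-" else set(group)
    return enabled

def cipher_tokens(spec):
    """Split a cipher string into (name, action) pairs in evaluation order."""
    toks = [t for t in re.split(r"[:, ]+", spec) if t]
    return [(t[1:], CIPHER_OPS[t[0]]) if t[0] in CIPHER_OPS else (t, "add") for t in toks]

if __name__ == "__main__":
    print(sorted(effective_protocols(directive(SAMPLE_CONF, "SSLProtocol"))))
    for name, action in cipher_tokens(directive(SAMPLE_CONF, "SSLCipherSuite")):
        print(f"{name:8} {action}")
```

The resolved cipher list itself depends on the installed OpenSSL build; `openssl ciphers -v` with the same string prints what that build actually offers.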
