Now, I've run into a snag.  Changed all my servers but now they're saying my 
firewall is failing.  Which is ridiculous for obvious reasons.
ugh. 

Subject: RE: PCI compliance
Date: Wed, 10 Feb 2010 16:42:03 -0500
From: [email protected]
To: [email protected]



















Yes, 

 

I have ran into this on some audits, and done work on detecting
this SSL based systems ( namely) IIS/Apache and the HP System Management Home
page that I just got done working on. 

 

IE 6.0 supports SSLv3 and TLS1.0 which is what they are probably
looking for when they dinged you for the PCI audit. 

 

You can hit me off list if you like to discuss more. 

 

Z

 





From: paul d
[mailto:[email protected]] 

Sent: Wednesday, February 10, 2010 1:57 PM

To: NT System Admin Issues

Subject: PCI compliance





 

We have failed our PCI compliance due to
some servers having SSL 2.0 enabled and "...the use of weak ciphers."



Has anybody run into an issue whereby they disabled 2.0 and/or weak ciphers and
then users couldn't connect?



Servers are W2000 and W2003.



My main concern is that since our pay "stubs" are now online (running
on the w2003 box) and someone using IE6 can't connect.



Thanks.







Hotmail:
Trusted email with Microsoft’s powerful SPAM protection. Sign up
now. 

 

 


 

        
        
 
        
                                          
_________________________________________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/201469226/direct/01/
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to