On Thu, January 2, 2020 12:35, Bastian Blank wrote:
> On Thu, Jan 02, 2020 at 12:16:33PM -0500, James B. Byrne wrote:
>> We recently were forced by our PCI compliance audit to change our
>> permissible ciphers. I speculate that this is the source of our
>> problem. Our revised cipher list is:
>
> Don't, as long as you don't enforce encryption as well.
>
>> I would appreciate any guidance as to how to correct this issue
>> without running afoul of the PCI DSS.
>
> Don't use mail to transport payment data, so PCI is not applicable.
This advice is not helpful. It is not what we are sending but rather
what we are receiving. We have no control over the information that
our clients send us. PCI DSS exists to deal with this sort of thing.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
