PCI compliance & SSL (pix 515e)

Unanswered Question

We need to meet PCI compliance. However, my firewall fails because, according to the scan, it accepts SSL 2 ciphers. I talked to the company issuing compliance certificates and explained that all my internet-accessible servers meet guidelines. But they're coming back and saying that their hands are tied. Even if my firewall can't actually be connected to, it has to be compliant.

I can't see where to disable SSL 2.0.  Is that even possible with a 515E?

jilahbg Thu, 02/11/2010 - 13:00

Maybe slightly off-topic but... Do you use SSL at all in the firewall? If you don't use webvpn (do you?), all there is left for use of SSL is for ASDM management. Maybe you can live without it by turning off the internal web-server?

jilahbg Thu, 02/11/2010 - 13:07

Well, if PCI compliance doesn't allow you to use SSL 2.0, it surely won't dance happily if you change to plain-text HTTP. Sorry. :-)

I guess turning the GUI off totally and managing your firewall over SSH doesn't suit you?

