New Member

PCI compliance & SSL (pix 515e)

We need to meet PCI compliance. However, my firewall fails because, according to the scan, it accepts SSL 2 ciphers. I talked to the company issuing compliance certificates and explained that all my internet-accessible servers meet guidelines. But they're coming back and saying that their hands are tied. Even if my firewall can't actually be connected to, it has to be compliant.

I can't see where to disable SSL 2.0.  Is that even possible with a 515E?

4 REPLIES
New Member

Re: PCI compliance & SSL (pix 515e)

Maybe slightly off-topic but... Do you use SSL at all in the firewall? If you don't use WebVPN (do you?), all there is left for use of SSL is ASDM management. Maybe you can live without it by turning off the internal web server?

New Member

Re: PCI compliance & SSL (pix 515e)

No, we don't. I do use the PDM once in a while. Is it possible to switch it to port 80 instead of 443?

New Member

Re: PCI compliance & SSL (pix 515e)

Well, if PCI compliance doesn't allow you to use SSL 2.0, it surely won't dance happily if you change to plain-text HTTP. Sorry. :-)

I guess turning the GUI off totally and managing your firewall over SSH doesn't suit you?

New Member

Re: PCI compliance & SSL (pix 515e)

I don't know what they'd do if I switch to 80. Nope, can't use SSH either; it fails on that, too. What irritates me is that you can only connect to it internally.

I've got an ASA at another site and it passes fine. That's why I wonder if there isn't a way to disable SSL 2 on the 515E.
