How to fix a PCI DSS non-compliance result in a website SSL test

2025-01-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)05/31 Report--

This article explains in detail how to resolve a PCI DSS non-compliance result reported by a website SSL test. Interested readers can use it as a reference; I hope it is helpful to you.

Some time ago, I casually tested the Gworg SSL certificate, and the test reported that it was not PCI DSS compliant. I didn't care about it at the time, because PCI DSS is the security standard of the payment card industry and Gworg is not involved in that business, so it was not affected. Yesterday, a friend also found this problem, so I had a quick look at it when I was free and solved it along the way.

SSL needs no introduction: a website must install an SSL certificate before it can be served over the HTTPS protocol, which improves the security of the site's data transmission.

PCI DSS, in full the Payment Card Industry Data Security Standard, is the data security standard for the third-party payment industry. It is formulated by the PCI Security Standards Committee so that consistent data security measures are adopted internationally.

As early as June 30 last year, the PCI Security Standards Committee published an official blog post stating that by June 30, 2018 at the latest, that is, the end of last month, early SSL/TLS must be disabled and a more secure encryption protocol implemented (TLS v1.1 or later; TLS v1.2 is strongly recommended) in order to meet the requirements of the PCI data security standard and thus protect payment data.

Solution

From this we can see that it is a tightening of the security requirements: if the site has not disabled TLS 1.0, the test reports non-compliance.

The server runs NGINX, so it is enough to delete TLSv1 from the website's configuration file, as shown below:

ssl_protocols TLSv1.1 TLSv1.2;

Of course, if your certificate supports 1.3, you can add that as well. It has to be said, though, that disabling older protocol versions may cause some unexpected problems, such as some older browser versions being unable to access the site.

So weigh this against your own situation, although Gworg suggests that it is better to follow up promptly.
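
To confirm that no other part of the configuration still enables an early protocol after this change, the following added example (not from the original article) scans nginx configuration text for ssl_protocols directives that list SSLv2, SSLv3 or TLSv1, or that lack the terminating semicolon. The sample configuration, host names and function names are constructed for illustration.

```python
import re

# Early SSL/TLS versions that the requirement described above rules out.
# TLSv1.1 passes only because the article states "TLS v1.1 or later".
DISALLOWED = {"SSLv2", "SSLv3", "TLSv1"}

def audit_ssl_protocols(conf_text):
    """Return (line_no, disallowed_protocols, terminated) per ssl_protocols directive."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    stripped = re.sub(r"#[^\n]*", "", conf_text)
    findings = []
    # Arguments run up to ';' and may span lines; hitting '{' or '}' first
    # means the ';' is missing.
    for m in re.finditer(r"\bssl_protocols\b([^;{}]*)(;?)", stripped):
        line_no = stripped.count("\n", 0, m.start()) + 1
        bad = [p for p in m.group(1).split() if p in DISALLOWED]
        findings.append((line_no, bad, m.group(2) == ";"))
    return findings

def is_compliant(findings):
    """True only if a directive exists and every one is clean and terminated."""
    return bool(findings) and all(not bad and ok for _, bad, ok in findings)

# Constructed sample configuration (host names are placeholders).
SAMPLE_CONF = """\
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # still offers TLS 1.0
    server {
        listen 443 ssl;
        server_name shop.example;
        # ssl_protocols SSLv3 TLSv1;  (commented out, must be ignored)
        ssl_protocols TLSv1.1
                      TLSv1.2;
    }
    server {
        listen 443 ssl;
        server_name legacy.example;
        ssl_protocols TLSv1 TLSv1.2
    }
}
"""

if __name__ == "__main__":
    results = audit_ssl_protocols(SAMPLE_CONF)
    for line_no, bad, ok in results:
        status = "OK" if not bad and ok else "FIX"
        print(f"line {line_no}: {status} disallowed={bad} terminated={ok}")
    print("compliant:", is_compliant(results))
```

An empty result means no ssl_protocols directive was found, in which case nginx's built-in default applies and depends on the nginx version, so the check treats that case as not confirmed.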

That is all for the solution to a website SSL test reporting PCI DSS non-compliance. I hope the above content is of some help to you. If you think the article is good, you can share it so more people can see it.