PCI SSL Requirements

PCI SSL Requirements

Postby jhalverson » Thu Apr 01, 2010 11:41 pm

My company is currently ujndergoing PCI Compliance and the FTP server is being flagged with a severe flag for being out of compliance.

Steps I have done (Windows 2003):
1. Disabled all protocols that are below SSL Version 3 in the registry.
2. Ran SSLDigger to verify only strong SSL V3 is supported on the server.

Are there any versions of Ability FTP Server that have sslv2 and under disabled?

Thanks
jhalverson
 
Posts: 2
Joined: Wed Mar 31, 2010 7:03 am

Re: PCI SSL Requirements

Postby Code Crafters » Fri Apr 02, 2010 11:13 am

Make sure you have the latest Ability FTP Server version 2.xx which now contains stronger SSL encryption levels than with version 1.xx. Currently all versions of SSL are supported (SSLv2, SSLv2/3, SSLv3 and TLSv1). However, I've made a note to add a new setting to disable SSLv2 support if required which hopefully can be added in the next FTP version 2.xx update.
Code Crafters
 
Posts: 942
Joined: Mon Sep 10, 2007 2:35 pm

Re: PCI SSL Requirements

Postby jhalverson » Fri Apr 02, 2010 3:32 pm

Any thoughts on how long it will take for that to be implemented?

I have a 1.xx license will that work with version 2.x or do I have to purchase an upgraded license?
jhalverson
 
Posts: 2
Joined: Wed Mar 31, 2010 7:03 am

Re: PCI SSL Requirements

Postby Code Crafters » Tue Apr 06, 2010 7:55 am

There are no definite release dates for the next minor update but hopefully this will be in the next few months. You have to purchase a new version 2.xx license. However, existing customers can get a new FTP 2.xx license with a 50% discount until the end of May 2010. If you email me at chris@code-crafters.com I'll send you the link to the discounted prices.
Code Crafters
 
Posts: 942
Joined: Mon Sep 10, 2007 2:35 pm


Return to General

Who is online

Users browsing this forum: No registered users and 4 guests

cron