PCI DSS Requirements
selecadm edited this page Sep 3, 2015 · 1 revision
The following are required in order to consider a TLS site PCI DSS 3.1 compliant:
- Trusted certificate
- SSL 2.0, SSL 3.0 and TLS 1.0 not supported
- Strong private key
  - 2048+ bits if RSA
  - 256+ bits if EC
- All cipher suites strong
  - Cipher of 128 bits or stronger
  - DH parameters 2048+ bits
  - Export suites are not allowed
  - Anonymous key exchange suites are not allowed
In addition, it is required that no known vulnerabilities are present. This translates to the following:
- Insecure renegotiation not supported
- Compression not supported
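
The checklist above can be applied mechanically to a scan summary. The following is an added example, not code from this project: the function name, the dict layout and the sample data are assumptions made for illustration, and suites are identified by their IANA names.

```python
# Added example: checks a constructed scan summary against the checklist above.
# The dict layout and field names are assumptions, not any real scanner's output.
FORBIDDEN_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0"}
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}

def pci_dss_31_failures(scan):
    """Return the checklist items that the scanned endpoint fails."""
    failures = []
    if not scan["cert_trusted"]:
        failures.append("certificate not trusted")
    bad = FORBIDDEN_PROTOCOLS & set(scan["protocols"])
    if bad:
        failures.append("forbidden protocols: " + ", ".join(sorted(bad)))
    # The page lists only RSA and EC; other key types are flagged (assumption).
    min_bits = MIN_KEY_BITS.get(scan["key_type"])
    if min_bits is None or scan["key_bits"] < min_bits:
        failures.append(f"weak private key: {scan['key_type']} {scan['key_bits']}")
    for suite in scan["suites"]:
        name = suite["name"]  # IANA suite name
        if suite["cipher_bits"] < 128:
            failures.append(f"{name}: cipher under 128 bits")
        if "_EXPORT_" in name:
            failures.append(f"{name}: export suite")
        if "_anon_" in name:
            failures.append(f"{name}: anonymous key exchange")
        # dh_bits is set only for suites that use finite-field DH key exchange.
        if suite.get("dh_bits") is not None and suite["dh_bits"] < 2048:
            failures.append(f"{name}: DH parameters under 2048 bits")
    if scan["insecure_renegotiation"]:
        failures.append("insecure renegotiation supported")
    if scan["compression"]:
        failures.append("compression supported")
    return failures

# Constructed sample inputs (not real scan data).
SAMPLE_PASS = {
    "cert_trusted": True, "protocols": ["TLSv1.1", "TLSv1.2"],
    "key_type": "RSA", "key_bits": 2048,
    "suites": [
        {"name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "cipher_bits": 128},
        {"name": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "cipher_bits": 256, "dh_bits": 2048},
    ],
    "insecure_renegotiation": False, "compression": False,
}
SAMPLE_FAIL = dict(SAMPLE_PASS, protocols=["TLSv1.0", "TLSv1.2"], key_bits=1024,
    compression=True, suites=[
        {"name": "TLS_RSA_EXPORT_WITH_RC4_40_MD5", "cipher_bits": 40},
        {"name": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "cipher_bits": 128, "dh_bits": 1024},
    ])
```

An empty list means every item on the checklist is met; each failure string names the suite or setting responsible.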