Yes,
I have ran into this on some audits, and done work on detecting this SSL based systems ( namely) IIS/Apache and the HP System Management Home page that I just got done working on. IE 6.0 supports SSLv3 and TLS1.0 which is what they are probably looking for when they dinged you for the PCI audit. You can hit me off list if you like to discuss more. Z From: paul d [mailto:pdw1...@hotmail.com] Sent: Wednesday, February 10, 2010 1:57 PM To: NT System Admin Issues Subject: PCI compliance We have failed our PCI compliance due to some servers having SSL 2.0 enabled and "...the use of weak ciphers." Has anybody run into an issue whereby they disabled 2.0 and/or weak ciphers and then users couldn't connect? Servers are W2000 and W2003. My main concern is that since our pay "stubs" are now online (running on the w2003 box) and someone using IE6 can't connect. Thanks. ________________________________ Hotmail: Trusted email with Microsoft's powerful SPAM protection. Sign up now. <http://clk.atdmt.com/GBL/go/201469226/direct/01/> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
