The Payment Card Industry, including Visa and Mastercard, require banks, merchants and Member Service Providers to protect cardholder information by adhering to a strict set of security standards. The Payment Card Industry security standard (PCI) includes MasterCard's Site Data Protection (SDP) program and Visa's Cardholder Information Security Program (CISP).

Selecting the SSL and TLS ciphers and protocols used

To fully comply with the security standards outlined by the Payment Card Industry you will need to restrict the SSL ciphers and protocol versions that ZXTM allows clients to use:

• Disabling SSL version 2 in ZXTM
• Enabling TLS 1.0 and 1.1 in ZXTM
• Disabling SSL2 in the Zeus Admin Interface
• Disabling Weak SSL3 Ciphers in the Zeus Admin Interface

Disabling Weak SSL3 Ciphers in ZXTM

Navigate to:

SYSTEM > GLOBAL SETTINGS > SSL CONFIGURATION

ZXTM's Cipher List

Enter the below ciphers:

SSL_RSA_WITH_RC4_128_SHASL_RSA_WITH_RC4_128_MD5SL_RSA_WITH_AES_256_CBC_SHA:
SSL_RSA_WITH_3DES_EDE_CBC_SHASL_RSA_WITH_AES_128_CBC_SHA

Disabling SSL version 2 for client connections in ZXTM

Navigate to:

SYSTEM > GLOBAL SETTINGS > SSL CONFIGURATION

Disable the setting ssl!support_ssl2. SSL version 2 has known weaknesses. Enabling TLS 1.0 and 1.1 in ZXTM

Navigate to:

SYSTEM > GLOBAL SETTINGS > SSL CONFIGURATION

Enable the settings ssl!support_tls1 and ssl!support_tls1.1. Disabling SSL2 in the Zeus Admin Interface In $ZEUSHOME/admin/global.cfg enter:

tuning!support_ssl2 no

Disabling Weak SSL3 ciphers in the ZXTM Administrator Interface

In $ZEUSHOME/admin/global.cfg insert, on one continous line:

tuning!ssl3_ciphers
SSL_RSA_WITH_RC4_128_SHASL_RSA_WITH_RC4_128_MD5SL_RSA_WITH_AES_256_CBC_SHA:
SSL_RSA_WITH_3DES_EDE_CBC_SHASL_RSA_WITH_AES_128_CBC_SHA

Please remember to re-start your admin server.

We recommend using:

$ZEUSHOME/admin/rc restart