
Making mod_ssl (Apache) PCI compliant
Hold on Cowboy
This blog post is pretty old. Be careful with the information you find in here. The Times They Are A-Changin'
Here are some configurations in Apache and PHP needed to make your server PCI compliant.
SSL Configurations
Only allow secure SSL versions (version 3 and TLS 1):
    SSLProtocol -ALL +SSLv3 +TLSv1
Only allow secure ciphers:
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
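An added example, not part of the original post: a Python check that resolves each SSLProtocol line in a config and reports any enabled versions that have since been deprecated, using the directive above as input. It assumes mod_ssl's left-to-right token handling (+ adds, - removes, an unprefixed name replaces the set); the KNOWN list, the expansion of "all" and the sample config are constructed for the illustration.

```python
import re

# Names SSLProtocol has accepted across mod_ssl releases. Assumption: "all" is
# expanded to this whole list, a conservative superset of any real build.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
# Deprecated by RFC 6176 (SSLv2), RFC 7568 (SSLv3) and RFC 8996 (TLS 1.0/1.1).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: +x adds, -x removes, bare x resets."""
    universe = {"all": set(KNOWN), **{p.lower(): {p} for p in KNOWN}}
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        chosen = universe.get(name.lower())
        if chosen is None:
            raise ValueError(f"unknown protocol token: {tok!r}")
        if sign == "+":
            enabled |= chosen
        elif sign == "-":
            enabled -= chosen
        else:
            enabled = set(chosen)
    return enabled

def audit(config_text):
    """Return (line_number, sorted deprecated protocols) per SSLProtocol directive."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        # Commented-out directives start with '#', so they never match here.
        m = re.match(r"\s*SSLProtocol\s+(.+)", line, re.IGNORECASE)
        if m:
            bad = sorted(effective_protocols(m.group(1)) & DEPRECATED)
            if bad:
                findings.append((n, bad))
    return findings

# Constructed sample: the directive from this post next to a TLS 1.2+ form.
SAMPLE = """\
<VirtualHost *:443>
    # SSLProtocol all
    SSLProtocol -ALL +SSLv3 +TLSv1
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
"""
if __name__ == "__main__":
    for lineno, bad in audit(SAMPLE):
        print(f"line {lineno}: enables deprecated {', '.join(bad)}")
```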
PHP Configurations
Keep PHP from giving out info about itself (php.ini):
    expose_php = Off
Also of note, PHP 4 is dying. You need to move to PHP 5 ASAP.