AnsweredAssumed Answered

Sweet 32 PCI Scan vs SSLlabs

Question asked by John Sulik on Apr 11, 2017
Latest reply on Apr 13, 2017 by Jay Van Kooperen

When I scan my website with SSLLabs we are given an A rating.  However, performing a Qualys PCI Scan on our site fails due to Sweet32 vulnerability.

 

3DES Ciphers are allowed on our site but they are at the bottom of the cipher list per the SSLLabs recommendation.

 

Why is this considered a failure for PCI but still given an A rating by SSLLabs?

Outcomes