Making mod_ssl (Apache) PCI compliant
Hold on Cowboy
This blog post is pretty old. Be careful with the information you find in here. It's likely dead, dying, or wildly inaccurate.
Here are some configurations in Apache and PHP needed to make your server PCI compliant.
SSL Configurations
Only allow secure SSL versions (version 3 and TLS 1):
    SSLProtocol -ALL +SSLv3 +TLSv1
Only allow secure ciphers:
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
PHP Configurations
Keep PHP from giving out info about itself (php.ini):
    expose_php = Off
Also of note, PHP 4 is dying. You need to move to PHP 5 ASAP.
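A way to check the SSLProtocol and expose_php settings above on a live config, as an added example that is not part of the original post: it evaluates an SSLProtocol value left to right and reports any protocol version that has since been deprecated by RFC (6176, 7568, 8996), plus PHP version disclosure. The function names, the sample strings and the expansion of "all" to every known protocol name are assumptions of this example.

```python
import re

# Protocol names accepted by SSLProtocol across mod_ssl releases (assumption:
# "all" is expanded to every name here, the worst case for an audit).
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
# SSLv2: RFC 6176, SSLv3: RFC 7568, TLS 1.0/1.1: RFC 8996.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
BY_LOWER = {name.lower(): name for name in KNOWN}


def effective_protocols(value):
    """Evaluate an SSLProtocol value left to right: '+' adds, '-' removes,
    and a bare name replaces everything set so far."""
    enabled = set()
    for token in value.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name == "all":
            chosen = set(KNOWN)
        elif name in BY_LOWER:
            chosen = {BY_LOWER[name]}
        else:
            raise ValueError(f"unknown protocol {token!r}")
        if sign == "+":
            enabled |= chosen
        elif sign == "-":
            enabled -= chosen
        else:
            enabled = chosen
    return [p for p in KNOWN if p in enabled]


def audit(apache_conf, php_ini):
    """Return findings for deprecated protocols and PHP version disclosure."""
    findings = []
    for m in re.finditer(r"^\s*SSLProtocol\s+(.+?)\s*$", apache_conf, re.M | re.I):
        for proto in effective_protocols(m.group(1)):
            if proto in DEPRECATED:
                findings.append(f"SSLProtocol enables deprecated {proto}")
    m = re.search(r"^\s*expose_php\s*=\s*(\S+)", php_ini, re.M | re.I)
    # PHP defaults expose_php to On when the directive is absent.
    if m is None or m.group(1).strip('"').lower() in ("on", "1", "true", "yes"):
        findings.append("expose_php is on")
    return findings


# Constructed sample input: the two settings from this post.
SAMPLE_CONF = "SSLEngine on\nSSLProtocol -ALL +SSLv3 +TLSv1\n"
SAMPLE_INI = "; php.ini\nexpose_php = Off\n"
```

Commented-out directives (lines starting with `#` in the Apache config or `;` in php.ini) are ignored, so only active settings are reported.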