Configuring miscellaneous settings
Configure several miscellaneous settings to meet various PA-DSS requirements.
- In the user interface, click the Administration tab.
- Locate the User Accounts section.
- Select the Password must contain lowercase, Password must contain uppercase, and Password must contain digits checkboxes.
- Click the Interfaces tab and scroll down to the Application Programming Interface section.
- Select the Cross-site request forgery protection checkbox. Make sure that Session timeout (seconds) is set to a value of 900 seconds or less.
  Note: If you want to use tested default and secure HTTP headers, ensure that Use custom HTTP headers is disabled.
- Scroll up to locate the Message Tracing section under Message Command Interface.
- Select Disabled from the Dump message data drop-down list.
  Note: Dump message data needs to be disabled to comply with PA-DSS requirement 2.3.
- Scroll down to locate the MQ Interface section.
- Select Disabled from the Dump message data drop-down list.
  Note: Dump message data needs to be disabled to comply with PA-DSS requirement 2.3.
- Scroll down to the Kafka Interface section.
- Select Disabled from the Dump message data drop-down list.
  Note: Dump message data needs to be disabled to comply with PA-DSS requirement 2.3.
- Click the Misc tab and scroll down to the Miscellaneous section.
- Verify that SSL cipher list has the following entries:
  ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Note: This list might be outdated because new vulnerabilities might have been discovered in the meantime. The OpenSSL website publishes regular security advisories, including information about newly discovered vulnerabilities.
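As an added check (example code, not part of this documentation or the product), the following Python script audits a cipher list string for the properties the list above relies on: an ephemeral (EC)DHE key exchange, AEAD-only suites, no legacy primitives, and no OpenSSL keywords whose expansion depends on the installed library. The constant PAGE_CIPHER_LIST and the function names are the example's own.

```python
# Added example, not part of the product documentation: an offline audit of an
# OpenSSL-style cipher list like the one this page asks you to verify. It flags
# suites without forward secrecy, non-AEAD suites, legacy primitives, and
# keyword entries that cannot be audited by name.

# The cipher list exactly as this page specifies it.
PAGE_CIPHER_LIST = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)

# Name tokens that mark a suite as legacy or broken regardless of key exchange.
WEAK_TOKENS = {"NULL", "EXP", "EXPORT", "RC2", "RC4", "DES", "3DES", "MD5", "ADH", "AECDH"}


def audit_cipher(name: str) -> list[str]:
    """Return the reasons one explicit OpenSSL cipher name is unacceptable."""
    tokens = name.upper().split("-")
    problems = [f"{name}: legacy primitive {t}" for t in tokens if t in WEAK_TOKENS]
    # Forward secrecy requires an ephemeral (EC)DH key exchange.
    if tokens[0] not in ("ECDHE", "DHE"):
        problems.append(f"{name}: no forward secrecy")
    # Only AEAD modes: GCM or ChaCha20-Poly1305. CBC+HMAC suites are excluded.
    if "GCM" not in tokens and not {"CHACHA20", "POLY1305"} <= set(tokens):
        problems.append(f"{name}: not an AEAD suite")
    return problems


def audit_cipher_list(cipher_list: str) -> list[str]:
    """Audit a colon-separated cipher list; an empty result means every entry passed."""
    problems, seen = [], set()
    for entry in filter(None, cipher_list.split(":")):
        if entry in seen:
            problems.append(f"{entry}: duplicate entry")
            continue
        seen.add(entry)
        # Keywords and modifiers (ALL, HIGH, !aNULL, @STRENGTH, ...) expand to
        # whatever the installed OpenSSL decides; require explicit suite names.
        if entry[0] in "!-+@" or "-" not in entry:
            problems.append(f"{entry}: keyword or modifier, list explicit suites instead")
            continue
        problems.extend(audit_cipher(entry))
    return problems


if __name__ == "__main__":
    for line in audit_cipher_list(PAGE_CIPHER_LIST) or ["page cipher list: OK"]:
        print(line)
```

Re-run the audit whenever an OpenSSL advisory affects one of the listed suites, and extend WEAK_TOKENS accordingly.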