Comment out Include conf/extra/httpd-autoindex.conf (line 101), and as you're now no longer using it, it might also be worth taking out autoindex_module from your LoadModules (saves a small bit of memory, but there wouldn't be any noticeable performance benefits. But as you're not using it, there's no point loading it).
For SSL PCI compliance, have the following config as part of your SSL settings (which you've got commented out currently):
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
This should force Apache not to default to older insecure SSL protocols and disable SSL compression (HTTP compression via mod_deflate still works here) which leaves HTTPS open to attacks like BEAST.
Bear in mind I'm still testing the above code myself (funnily enough, that's actually what I'm doing this very minute) as the BEAST vulnerability is still relatively new (or rather, new enough where it wasn't part of PCI compliance until the last month or so). I'll update this thread in the next few hours if that code doesn't work, but I can't see there being a problem as it follows the standards defined in Apache's manual.
Also make sure you have OpenSSL version 1.0.1 installed (required for TLS1.1 & 1.2). You can check this by running: openssl version from the command line. However, if your system is built from a package manager and has been kept relatively up to date, then you shouldn't have a problem there.
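The post ties the SSLProtocol line to the installed OpenSSL version; the following check is an added example, not part of the original post, that resolves the directive into its enabled protocol set and reports which entries an OpenSSL older than 1.0.1 cannot offer. It assumes "all" expands to the four protocols named in the post and that a bare (unsigned) token replaces the set; the version strings are constructed sample input.

```python
import re

# Protocol names as used on the SSLProtocol line in the post.
ALL = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
NEEDS_101 = {"TLSv1.1", "TLSv1.2"}  # per the post: require OpenSSL 1.0.1


def effective_protocols(args):
    """Resolve SSLProtocol arguments left to right into the enabled set."""
    enabled = set()
    for tok in args.split():
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-")
        names = set(ALL) if name.lower() == "all" else {
            p for p in ALL if p.lower() == name.lower()}
        if not names:
            raise ValueError(f"unknown protocol {name!r}")
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = set(names)  # assumption: a bare token replaces the set
    return enabled


def openssl_at_least_101(version_output):
    """Parse `openssl version` output, e.g. 'OpenSSL 1.0.1e 11 Feb 2013'."""
    m = re.match(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", version_output.strip())
    if not m:
        raise ValueError("unrecognised `openssl version` output")
    return tuple(int(g) for g in m.groups()) >= (1, 0, 1)


def unavailable_protocols(conf_text, version_output):
    """Protocols the config enables that the installed OpenSSL cannot offer."""
    # Commented-out directives (leading '#') are skipped by the anchor.
    m = re.search(r"^\s*SSLProtocol\s+(.+)$", conf_text, re.M | re.I)
    if not m:
        raise ValueError("no active SSLProtocol directive found")
    enabled = effective_protocols(m.group(1))
    return [] if openssl_at_least_101(version_output) else sorted(enabled & NEEDS_101)


# Constructed sample input: the directive from the post plus a commented-out line.
CONF = "SSLHonorCipherOrder On\n#SSLProtocol all\nSSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2\n"
if __name__ == "__main__":
    for ver in ("OpenSSL 0.9.8e 23 Feb 2007", "OpenSSL 1.0.1e 11 Feb 2013"):
        print(ver, "->", unavailable_protocols(CONF, ver) or "all enabled protocols available")
```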