Thursday, April 16, 2015

Remove SSL3, TLS 1/1.1 by June 2016 for PCI

SecurityWeek.com described how the PCI council appears to be telling companies that SSL v3.0, TLS 1.0, and in some cases even TLS 1.1 may have to be disabled/removed by June 30, 2016 to pass your PCI audit.

Pretty interesting , likely caused by the stores about POODLE and FREAK basically busting apart the security of these older protocols.

Apparently PCI doesn't release these out-of-band updates very often either, so they must've thought this was important, and I tend to agree with them.

Let's push forward and not live in the past.

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment