SecurityWeek.com described how the PCI council appears to be telling companies that SSL v3.0, TLS 1.0, and in some cases even TLS 1.1 may have to be disabled/removed by June 30, 2016 to pass your PCI audit.
Pretty interesting , likely caused by the stores about POODLE and FREAK basically busting apart the security of these older protocols.
Apparently PCI doesn't release these out-of-band updates very often either, so they must've thought this was important, and I tend to agree with them.
Let's push forward and not live in the past.
Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.
No comments:
Post a Comment