Monday, March 2, 2015

PCI-DSS SSL v3 and TLS v1.0 EOL Notification

The PCI Security Standards Council has announced that SSL v3 and TLS v1.0 will no longer be acceptable encryption protocols due to the "POODLE" vulnerability and support for these protocols will end this year. The PCI council is mandating the use of TLS version 1.1 or higher.

The recommendation is to change to using TLS v1.2 with the capability to step down to TLS v1.1 (if needed).

No comments:

Post a Comment