Today, the PCI SSC announced an update to the deadlines to remove insecure cryptographic protocols, namely SSL and early TLS (i.e., TLS 1.0). The original publication required disabling these protocols and replacing them with current versions of TLS by June 30, 2016, but today’s announcement extends this deadline to June 30, 2018.
PCI SSC still recommends migrating to secure versions of these protocols as soon as possible to mitigate the risk of vulnerabilities such as the POODLE attack. It still allows the use of these insecure protocols only for existing implementations, and only with a risk mitigation and migration plan. For those with long lead times to effect this transition, however, this schedule change allows more time to do so.
Please contact us with any questions about SSL and TLS as they relate to PCI DSS compliance, or with other PCI DSS compliance questions.
About the author: Jacob Ansari