Learn how to retire SSL and early TLS protocols.
Sunset of SSL and early TLS protocols
A key aspect of the Payment Card Industry Data Security Standard (PCI DSS) is the discontinuation of the use of Secure Sockets Layer (SSL) and early Transport Layer Security (TLS). SSL and early TLS are cryptographic protocols previously used to comply with the secure transmission requirements specified in the PCI DSS. After numerous vulnerabilities were identified, the PCI SSC required that all use of SSL and early TLS protocols be discontinued by June 30, 2016. In December 2015, the PCI SSC extended that deadline to June 30, 2018. In place of SSL and early TLS, organizations should use TLSv1.1 or, preferably, TLSv1.2.
The extension gives organizations some breathing room; however, TrustCommerce recommends that all use of early TLS be transitioned to at least TLSv1.1, and preferably TLSv1.2, by the earliest possible date. SSL and TLSv1.0 have numerous vulnerabilities that could be exploited to expose your PCI and other sensitive data.
All TrustCommerce web-based products and services presently support TLSv1.0, TLSv1.1, and TLSv1.2. In alignment with the extension, TrustCommerce has not yet announced retirement dates for TLSv1.0.
If you would like to learn more about migrating from these protocols, see the PCI SSC’s Bulletin on Migrating from SSL and Early TLS. You will want to review this resource thoroughly to ensure that your organization fully complies with all applicable requirements, guidelines, and best practices.