When we talk about the SSL/Early TLS to TLS 1.1+ migration, we are generally referring to one of two scenarios: We at have created this migration guide to assist you in the complexities behind migrating to TLS 1.2 supported systems. Although merchants, POS systems and other payment providers now have a little breathing room to prepare for the migration, the payments industry has already begun to move in that direction. That being said, PCI DSS 3.2 does not officially come into effect until February 2017, with the SSL and Early TLS to TLS 1.2 migration requirement pushed even further to June 30th, 2018. As of 05/18/16 and PCI DSS version 3.2, TLS 1.1 is the minimally accepted standard. Soon thereafter, the first version of TLS, TLS 1.0, was also considered insecure. Because of these weaknesses, no version of SSL meets PCI SSC’s definition of “strong cryptography,” and revisions to the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) are necessary. The National Institute of Standards and Technology (NIST) has identified the Secure Socket Layers (SSL) v3.0 protocol (a cryptographic protocol designed to provide secure communications over a computer network) as no longer being acceptable for protection of data due to inherent weaknesses within the protocol.
The special bulletin, which can be found here, stated the following: On February 13, 2015, the PCI SSC released a bulletin announcing that Secure Socket Layer (SSL) is no longer considered a secure, strong cryptographic protocol for the transmission of data.
0 kommentar(er)
