The PCI council has stated that by 30 June 2018 all SSL/early TLS encryption protocols should be disabled in favour of TLS 1.1 or higher (TLS v1.2 is soon to be mandated by most payment gateways) in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data. Please note that all Dx3webs servers support TLS v1.2.
To ensure you are PCI compliant, we will be disabling TLS v1.0 before the 30th June.
The PCI DSS v3.1 requirements directly affected are:
Requirement 2.2.3 – Implement additional security features for any required services, protocols, or daemons that are considered to be insecure.
Requirement 2.3 – Encrypt all non-console administrative access using strong cryptography.
Requirement 4.1 – Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.
What does this mean?
There are still a significant number of devices in use that ONLY support up to TLS 1.0. Post 30th July, users of these devices / platforms will no longer be able to connect to your store. This will inevitably lead to an increase in queries from your end users on this matter. However, as most stores / hosts will also be disabling TLS 1.0 at this time, these users will face the same problem across most sites.
Examples of platforms / devices that will be affected:
Android 2.3.7 – 4.3
IE 6 / XP
IE 7 / Vista
IE 8 / XP
IE 8-10 / Win 7
IE Mobile 10 / Win Phone 8.0
Safari 5.1.9 / OS X 10.6.8
Safari 6.0.4 / OS X 10.8.4
The only advice you can give end users is to update their software if possible or, in the case of devices that are no longer maintained, to upgrade the device.