
PCI SSC: Bulletin on Migrating from SSL and Early TLS

Download the Bulletin. Key points and deadlines:

  • All processing and third party entities, including Acquirers, Processors, Gateways and Service Providers, must provide a TLS 1.1 or greater service offering by June 2016
  • Consistent with the existing language in the DSS v3.1, all new implementations must be enabled with TLS 1.1 or greater
  • All processing and third party entities must cut over to a secure version of TLS (as defined by NIST) effective June 2018
  • SSL/TLS 1.0 within a POI terminal that can be verified as not being susceptible to all known exploits for SSL and early TLS, with no demonstrative risk, can be used beyond June 2018, consistent with the existing language in the DSS v3.1 for such an exception

eliotn
