{"id":9147,"date":"2018-01-22T14:11:00","date_gmt":"2018-01-22T13:11:00","guid":{"rendered":"https:\/\/usd.formwandler.rocks\/ssl-tls-1-0-deadline-fuer-pci-dss\/"},"modified":"2021-07-09T10:41:06","modified_gmt":"2021-07-09T08:41:06","slug":"ssl-tls-1-0-deadline-for-pci-dss","status":"publish","type":"post","link":"https:\/\/www.usd.de\/en\/ssl-tls-1-0-deadline-for-pci-dss\/","title":{"rendered":"SSL \/ TLS 1.0 Deadline for PCI DSS"},"content":{"rendered":"\n<p>The Secure Sockets Layer (SSL) protocol developed by Netscape and the Transport Layer Security (TLS) protocol standardised by the Internet Engineering Task Force (IETF) are encryption protocols that provide authentication and data encryption. Developed in the early 1990s, SSL is the predecessor of TLS and has undergone several revisions over the past few years to address security vulnerabilities and support stronger, more secure cipher suites and algorithms. Among the most important ones are SSL 3.0 (1996), TLS 1.0 (1999), TLS 1.1 (2006) and TLS 1.2 (2008).<\/p>\n\n\n\n<p>Many organisations today still use the early versions of the protocol (&lt;TLS 1.1). In this case, PCI DSS previously required organisations to implement a \u201crisk mitigation\u201d and a \u201cmigration plan\u201d in order to maintain PCI DSS compliance. 
These include the following requirements:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Requirement 2.2.3<\/strong><\/td><td>Implement additional security features for any required services, protocols, or daemons that are considered to be insecure.<\/td><\/tr><tr><td><strong>Requirement 2.3<\/strong><\/td><td>Encrypt all non-console administrative access using strong cryptography.<\/td><\/tr><tr><td><strong>Requirement 4.1<\/strong><\/td><td>Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The PCI SSC (Security Standards Council) has set&nbsp;<strong>30&nbsp;June 2018<\/strong>&nbsp;as the deadline after which&nbsp;<strong>NONE<\/strong>&nbsp;of the early versions of the protocol may be used in the context of the above requirements if PCI DSS compliance is to be maintained. This applies to all versions prior to TLS 1.1.<br>The PCI SSC wants to take action against known attacks such as POODLE or BEAST, which exploit the vulnerabilities associated with the early protocol versions.<br>The only exception is for point of interaction (POI) terminals, where it can be proven that the terminals in use, including the termination points to which they connect, are not susceptible to known exploits.<br>&nbsp;<br>(Source:&nbsp;<a href=\"https:\/\/blog.pcisecuritystandards.org\/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls\" target=\"_blank\" rel=\"noopener\">https:\/\/blog.pcisecuritystandards.org\/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls<\/a>)<br>&nbsp;<br><strong>About the PCI Expert Tips:<\/strong><br>With our PCI Expert Tips, we would like to keep you informed about changes to the PCI Security Standards and provide you with initial explanations as to what the changes entail and how they may affect you. 
Please always take our articles only as a general reference \u2013 they do not replace individual case-by-case evaluations.<br>&nbsp;<br>Should you have any questions or need assistance with your scope definition, please contact us. Our specialists are happy to help you.<br>+49 6102 8631-190<br>sales@usd.de<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Secure Sockets Layer (SSL) protocol developed by Netscape and the Transport Layer Security (TLS) protocol standardised by the Internet Engineering Task Force (IETF) are encryption protocols that provide authentication and data encryption. Developed in the early 1990s, SSL is the predecessor of TLS and has undergone several revisions over the past few years to address [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":9149,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[394],"tags":[],"class_list":["post-9147","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pci-en"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/9147","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=9147"}],"version-history":[{"count":0,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/9147\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/9149"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=9147"}],"wp:term":[{"taxonomy":"category","embedd
able":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/categories?post=9147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/tags?post=9147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}