user714142 February 2016

SSL and TLS 1.0 PCI Compliance

We recently received a couple of notifications from major gateways stating that "The PCI Council says you must remove completely support for SSL 3.0 and TLS 1.0. In short: servers and clients should disable SSL and then preferably transition everything to TLS 1.2."

My question is, if we disable 3.0 and TLS 1.0 completely on our servers and make the required adjustments to our code, will our customers who use old browsers still be able to access our website? Unfortunately, we know that at least 10% of our customers use IE 8.

I am confused about this change and want to make sure I understand whether or not there is an impact on the customers' side (the website's visitors).

Thanks for your help.

Answers


Steffen Ullrich February 2016

unfortunately we know that at least 10% of our customers use IE 8.

IE 8, at least on Windows XP, does not support TLS 1.1 or TLS 1.2. If you are on the obsolete platform XP, you would need to use Firefox or Chrome as long as these are still available for this platform.
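
One way to measure the impact before turning TLS 1.0 off is to count which clients never negotiate anything newer. This is an added example, not part of the original thread: the nginx `log_format` and the sample lines are constructed assumptions, and it presumes the server already offers TLS 1.2 so the logged protocol reflects the client's best.

```python
import re

# Constructed sample lines; assumed nginx log_format (not from the thread):
#   '$remote_addr $ssl_protocol $ssl_cipher "$http_user_agent"'
SAMPLE_LOG = """\
203.0.113.10 TLSv1 AES128-SHA "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
203.0.113.10 TLSv1 AES128-SHA "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
203.0.113.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "Mozilla/5.0 (Windows NT 6.1; rv:44.0) Gecko/20100101 Firefox/44.0"
203.0.113.12 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
203.0.113.13 TLSv1 AES128-SHA "ExampleApp/2.0"
203.0.113.13 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "ExampleApp/2.0"
198.51.100.7 SSLv3 DES-CBC3-SHA "legacy-client/1.0"
203.0.113.14 - - "curl/7.47.0"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')
RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3}
MIN_ALLOWED = "TLSv1.1"  # lowest version left once SSL 3.0 and TLS 1.0 are off


def best_protocol_per_client(log_text):
    """Map (ip, user agent) to the highest protocol that client negotiated."""
    best = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) not in RANK:
            continue  # malformed line or plain-HTTP request ("-")
        ip, proto, _cipher, ua = m.groups()
        key = (ip, ua)
        if key not in best or RANK[proto] > RANK[best[key]]:
            best[key] = proto
    return best


def impact_report(log_text, min_allowed=MIN_ALLOWED):
    """Clients whose best observed protocol is below min_allowed would fail."""
    best = best_protocol_per_client(log_text)
    locked_out = sorted(k for k, p in best.items() if RANK[p] < RANK[min_allowed])
    share = len(locked_out) / len(best) if best else 0.0
    return {"clients": len(best), "locked_out": locked_out, "share": share}


if __name__ == "__main__":
    report = impact_report(SAMPLE_LOG)
    print(f"{len(report['locked_out'])} of {report['clients']} clients "
          f"({report['share']:.0%}) never negotiated {MIN_ALLOWED} or newer:")
    for ip, ua in report["locked_out"]:
        print(f"  {ip}  {ua}")
```

A client that appears once with TLSv1 and once with TLSv1.2 is counted as safe, since only its best negotiated version matters.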

Post Status

Asked in February 2016
Viewed 3,804 times
Voted 9
Answered 1 times
