As of May 31st, 2016, we will be disabling TLSv1.0 support on www.percona.com, repo.percona.com, etc.
This is ahead of the PCI changes that will affect the June 30th 2016 deprecation the TLSv1.0 protocol. (PDF)
What does this mean for you the user?
Based on analysis of our IDS logs, this will affect around 6.32% of requests. As of May 31st, such requests will present an error when trying to negotiate a TLS connection.
Users are advised to update their clients accordingly. SSLabs provides a good test for browsers, though this does not support command line tools. Going forward, we will only support TLSv1.1 and TLSv1.2.
These changes come a little over a year from our previous SSL overhaul, and are part of our ongoing effort to ensure the security of our users.
Thank you for your time. Please leave any questions in the comments section, or email us at security(at)percona.com.
PCI postponed deprecation of TLS 1.0. It os in 2018 now.
http://www.eweek.com/security/companies-get-two-year-reprieve-in-being-fully-pci-dss-compliant.html
Petr,
At the time of writing this comment there has been no changes to official documentation and as far as I am able to tell this means PCI will continue as planned to deprecate TLS version 1.0 June 30th 2016.
Now that being said from the link you have provided (thank you) and PCI’s own blog I interpret the articles as saying:
– PCI will Deprecate June 30th 2016 TLSv1
– PCI will enforce an absolute deadline of 2018 to allow for transition
Meaning from 2018 if you have not transitioned then you will no longer be in compliance.
I see no reason therefor to delay our transition away from TLS version 1.0 which was introduced in January of 1999 some 17 years old at the time of writing.
Especially given POODLE, DROWN, BEAST, CRIME (to name but a few) attacks against other aging protocols as part of the SSL standard.