Comments on: Percona disabling TLSv1.0 May 31st 2016 https://www.percona.com/blog/percona-disabling-tlsv1-0-may-31st-2016/ Mon, 30 May 2016 19:43:38 +0000 hourly 1 https://wordpress.org/?v=6.5.2 By: David Busby https://www.percona.com/blog/percona-disabling-tlsv1-0-may-31st-2016/#comment-10966535 Mon, 30 May 2016 15:27:14 +0000 https://www.percona.com/blog/?p=35768#comment-10966535 Petr,

At the time of writing this comment there has been no changes to official documentation and as far as I am able to tell this means PCI will continue as planned to deprecate TLS version 1.0 June 30th 2016.

Now that being said from the link you have provided (thank you) and PCI’s own blog I interpret the articles as saying:

– PCI will Deprecate June 30th 2016 TLSv1
– PCI will enforce an absolute deadline of 2018 to allow for transition

Meaning from 2018 if you have not transitioned then you will no longer be in compliance.

I see no reason therefor to delay our transition away from TLS version 1.0 which was introduced in January of 1999 some 17 years old at the time of writing.

Especially given POODLE, DROWN, BEAST, CRIME (to name but a few) attacks against other aging protocols as part of the SSL standard.

]]> By: Petr https://www.percona.com/blog/percona-disabling-tlsv1-0-may-31st-2016/#comment-10966510 Mon, 23 May 2016 18:55:03 +0000 https://www.percona.com/blog/?p=35768#comment-10966510 PCI postponed deprecation of TLS 1.0. It os in 2018 now.
http://www.eweek.com/security/companies-get-two-year-reprieve-in-being-fully-pci-dss-compliant.html

]]>