Death of TLS 1.0

Written by:
Date Posted:
25 May 2018

Does your company still use the SSL/early TLS protocols? Do you work with online and ecommerce partners or customers who haven’t started migrating away from SSL/early TLD, to a more robust security protocol? You need to read this.

What is PCI?

PCI is a standard set out by the major credit card brands and run by a council they set up called the Payment Card Industry Security Standards Council. It was established to give greater control over cardholder data in an attempt to reduce fraud. 

What is SSL/early TLS?

Transport Layer Security (TLS) is a crypto protocol that’s used to establish a secure link between two computers. It’s used to authenticate the computers and protect the data sent between the two systems. Originally developed as SSL by Netscape in the early 90s. TLS 1.0 was launched in 1990. So, as you can imagine, it’s got more holes in than some swiss cheese. It’s now beyond patching, so people need to stop using it. 

What’s changing with PCI?

On the 30th of June this year, the PCI council is going to reject any payments attempted via the not very secure TLS1.0 encryption standard. 

Hyve’s Recommendation

Dean Luxton, one of our engineers says:

"Stop using TLS 1.0 and 1.1. Only use TLS 1.2 which has a much higher level of encryption. Take steps towards insuring AEAD ciphers are in use as they will soon become the standard. (AEAD ciphers are the only ones with no known vulnerabilities)."

In short, upgrade your TLS now. 

Tools for testing configuration
SSL Labs

Useful tools for when you are implementing changes
Mozilla SSL config
Nartac Software

Rating: 5.0/5. From 1 vote.
Please wait...

Recommended Videos

Find out why Safestore adopted Hyve as their hosting provider

Case Studies

Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.