PCI DSS

Pierluigi Paganini May 08, 2015
PCI DSS 3.1 and SSLv3: It’s best time to remove the 20 year old SSL protocol

To address the risk PCI DSS 3.1 updates requirements 2.2.3, 2.3 and 4.1 to remove SSL and early TLS as examples of strong cryptography.  “The National Institute of Standards and Technology (NIST) has identified the Secure Socket Layers (SSL) v3.0 protocol as no longer being acceptable for protection of data due to inherent weaknesses within the […]