SSL security is no longer PCI compliant

by

As you may know SSL is the security standard upon the encrypted Internet was first built. the Secure Socket layer is no longer secure though.

ssl_certificate_003_400_x_400

If you read our POODLE (Padding Oracle On Downgraded Legacy Encryption)post:

http://oversitesentry.com/the-sslv3-vulnerability-fix-and-explanation/

It showed the current reality of SSLv3 (the latest version) is no longer secure.

And thus it is not compliant with PCI (Payment Card Industry DSS3.0)

So there are multiple ways an ethical Hacker can let you know if your webserver is no longer compliant (and you thus have to upgrade to TLSv1.2)

ssl_certificate_hacked

Updated  10/16/16  –  The latest version of PCI is v3.2 and it states if you use Ecommerce on the Internet then SSLv3 and TLSv1.2 must be updated to a “secure” standard. i.e beyond the older insecure standards.

 

 

 

Contact Us to fill out a permission document so that we can test your website. (is _your_ website compliant?)

2 thoughts on “SSL security is no longer PCI compliant”

  1. Pingback: Bank Website “Not Verified” says Chrome | Oversite Sentry
  2. Pingback: Why Are we in a Big Cybersecurity Mess? – Explaining Security

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.