FutureQuest, Inc. FutureQuest, Inc. FutureQuest, Inc.

FutureQuest, Inc.
Go Back   FutureQuest Community > FutureQuest Site Owners (All may read - Only Site Owners May Respond) > News & Announcements
User Name
Password  Lost PW

View Poll Results: TLSv1.0 Support
I would not be affected by dropping TLS 1.0 Support 6 66.67%
I would be affected by dropping TLS 1.0 Support 0 0%
PCI Compliance is worth breaking things 0 0%
What the heck is TLS 1.0 3 33.33%
Multiple Choice Poll. Voters: 9. You may not vote on this poll

 
Thread Tools Search this Thread Display Modes
Old 04-27-2016, 08:29 AM   Postid: 185143
 Bob
Service Rep
 
Bob's Avatar
 
Join Date: Dec 1999
Location: Jacksonville, Fl
Posts: 5,730
PCI Compliance - TLSv1.0 Encryption Support

Trustkeeper and other providers have begun failing sites during PCI Compliance scans for TLS 1.0 Encryption support.

This is one of those areas where PCI compliance may drive changes that could cause issues for some sites as many older applications may still rely on TLSv1.0, such as Android 4.2 and earlier.

We are asking our site owners to post in the included Poll as to whether they would be affected by dropping support for TLSv1.0, as well as posting why dropping, or keeping, TLSv1.0 support would be preferable.

-Bob
Bob is offline  
Old 05-04-2016, 05:19 AM   Postid: 185160
 Terra
CTO FutureQuest, Inc.
 
Terra's Avatar
 
Join Date: Jun 1998
Location: Z'ha'dum
Posts: 8,108
Re: PCI Compliance - TLSv1.0 Encryption Support

...bump...
__________________
The FutureQuest Team
Terra is offline  
Old 05-04-2016, 12:55 PM   Postid: 185164
Wassercrats
Site Owner
 
Wassercrats's Avatar

Forum Notability:
291 pts: An Honor To Be Around
[Post Feedback]
 
Join Date: Nov 2001
Posts: 7,122
Re: PCI Compliance - TLSv1.0 Encryption Support

What are the most popular tools that would break if you dropped support for v 1.0? Would visitors to my website who use IE 6 not be able to view it? I selected "What the heck is TLS 1.0."
Wassercrats is offline  
Old 05-04-2016, 01:06 PM   Postid: 185165
 Kevin
Systems Administrator
 
Kevin's Avatar
 
Join Date: Aug 2001
Location: Orlando, FL
Posts: 2,986
Re: PCI Compliance - TLSv1.0 Encryption Support

If you have a browser you want to check you can check it here: https://www.ssllabs.com/ssltest/viewMyClient.html
__________________
Kevin
Kevin is offline  
Old 05-04-2016, 01:23 PM   Postid: 185166
 Kevin
Systems Administrator
 
Kevin's Avatar
 
Join Date: Aug 2001
Location: Orlando, FL
Posts: 2,986
Re: PCI Compliance - TLSv1.0 Encryption Support

As far as IE6 goes, by default it only supports SSL2 and SSL3 by default. It is possible to configure it to do TLS1.0. Here are the steps: http://www.ccnow.com/files/How_to_En...S_v1_in_IE.pdf

So, we have already disabled support for IE6 in the default configuration. This change would be the final end of support for IE6 in any configuration.

As far as "What the heck is TLS 1.0." goes, it is the 1999 replacement for SSL 3.0 which itself was replaced by TLS 1.1 in 2006. The current version is TLS 1.2 as of 2008.
__________________
Kevin
Kevin is offline  
Old 09-22-2016, 06:52 PM   Postid: 185372
 Terra
CTO FutureQuest, Inc.
 
Terra's Avatar
 
Join Date: Jun 1998
Location: Z'ha'dum
Posts: 8,108
Re: PCI Compliance - TLSv1.0 Encryption Support

Due to client reported issues with PCI compliance scanning and the grace period has now expired, we have officially deprecated TLSv1.0 in the mail protocols...

I am currently working on disabling it in the ApacheSSL engines as well and will post up when that work has been completed...

If you encounter any problems with the removal of TLSv1.0, please let us know which browser or email client you are using...
__________________
The FutureQuest Team
Terra is offline  
Old 09-22-2016, 06:59 PM   Postid: 185373
hobbes
Have you hugged a tiger today?
 
hobbes's Avatar

Forum Notability:
1363 pts: A True Crowd-pleaser!
[Post Feedback]
 
Join Date: Mar 2000
Location: Third Sol Planet Posts: Far too many. Oh ok -
Posts: 2,887
Re: PCI Compliance - TLSv1.0 Encryption Support

Is that why email started failing for me 30 mins ago? Outlook/Win and Mail/iOS
hobbes is offline  
Old 09-22-2016, 07:11 PM   Postid: 185374
hobbes
Have you hugged a tiger today?
 
hobbes's Avatar

Forum Notability:
1363 pts: A True Crowd-pleaser!
[Post Feedback]
 
Join Date: Mar 2000
Location: Third Sol Planet Posts: Far too many. Oh ok -
Posts: 2,887
Re: PCI Compliance - TLSv1.0 Encryption Support

Can we get the email change undone pending guidance on how to reconfigure mail apps?
hobbes is offline  
Old 09-22-2016, 07:13 PM   Postid: 185375
 Terra
CTO FutureQuest, Inc.
 
Terra's Avatar
 
Join Date: Jun 1998
Location: Z'ha'dum
Posts: 8,108
Re: PCI Compliance - TLSv1.0 Encryption Support

The ApacheSSL engines have been updated as well...

Currently, we support all PCI compliant SSL protocols and have disabled the ones that are not:
non-compliant: SSLv2, SSLv3, TLSv1.0
compliant: TLSv1.1, TLSv1.2

As an aside, TLSv1.1 was defined in April of 2006...
__________________
The FutureQuest Team
Terra is offline  
Old 09-22-2016, 07:18 PM   Postid: 185376
 Terra
CTO FutureQuest, Inc.
 
Terra's Avatar
 
Join Date: Jun 1998
Location: Z'ha'dum
Posts: 8,108
Re: PCI Compliance - TLSv1.0 Encryption Support

Hobbes, if it is for a MQS, then yes, but if a Community Server - then no...

On the topic of mail apps, I think they will need to be upgraded to a version that supports >= TLSv1.1

Overall, I don't necessarily like having to do this, but PCI Compliance finally pushed our hand as some of our clients were unable to get certified today... Also, we can't just disable TLSv1.0 for specific clients, as the daemons handle all connections for that server...
__________________
The FutureQuest Team
Terra is offline  


Currently Active Users Viewing This Thread: 1 (0 members and 1 visitors)
 

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 12:26 AM.


Running on vBulletin®
Copyright © 2000 - 2019, Jelsoft Enterprises Ltd.
Hosted & Administrated by FutureQuest, Inc.
Images & content copyright © 1998-2019 FutureQuest, Inc.
FutureQuest, Inc.