PCI Compliance - TLSv1.0 Encryption Support

[abrams]

Why did we not receive a warning about this? You just shut down my entire business. Not good.

This is not like futurequest to not send out warnings and notices that this was coming.

[Terra]

This notice was posted: 04-27-2016, 05:29 AM

The main issue was getting this fixed quickly for some clients that were having failed PCI compliance scans which are integral to their ecommerce operations... We generally react quite quickly to such things and given the writing on the wall was posted back in April of 2016, we went ahead and pulled the trigger to fix current client complaints...

If this has shutdown your entire business, please detail exactly how removing TLSv1.0 has done so and we'll see if we can find a workaround...

[abrams]

Posted?

Are you serious? Do you think this forum is really THE place to announce this?

Why were clients not sent emails regarding this?

You knew about this problem since APRIL OF 2016 and you sent nothing out to your clients.

The only effort you made was a little notice on your obscure forum? Seriously?

WOW! Unbelievable.

My business? You shut down my business email, you nit.

Unbelievable.

[jestaguy]

Hi Terra,
I'm seeing an issue on Apple devices (both the Mac and IOS) using the stock email client. Can you provide a little guidance on the settings to get the client to work? With SSL enabled, the client cannot connect to the email server. Disabling SSL seems to work in receiving email but not for sending.

Any assistance would be great, thanks!

[hobbes]

jestaguy - SMTP (outbound) email server settings are separately configured in iPhone Mail. You would have to disable both, but for security reasons shouldn't. Quick searches show that iPhone Mail only support TLS 1.0; hopefully this is incorrect, otherwise I can't see how FQ could proceed ahead with this. Hopefully they'll provide some guidance...

[Terra]

Abrams, couple things:
1) We post all work announcements and updates to the public forums, and we've done that since 1998... Given the critical nature of PCI scans, we moved forward to fix this as quickly as possible...
2) Which aspect has caused failure, the ApacheSSL or Email part of the TLSv1.0 deprecation?
3) If email, which protocol? POP3S, SMPTS, IMAPS

We are truly sorry that this has affected you directly, we never want to see fallout from a change such as this...

We are looking to see about deploying a temporary bandaid solution by putting up a TLSv1.0 capable service on a non-standard port... However, we have to double check to make sure the PCI compliance scans won't find it as I've seen some scan the entire TCP port range looking for listeners...

jestaguy: We did some checks and:
IOS >= 5
OSX >= 10.8

[abrams]

I've been with futurequest since 2001. I've stayed because of the exceptional customer service and uptime. Clearly something has changed. The original futurequest would NEVER do something like this without notice, several notices in fact.

[Terra]

Hobbes, we are between a rock and a hard place:
clients <=> FQ <=> PCI

and we got squeezed to make this change quickly due to the nature of ecommerce sites...

We are open to suggestions on how to solve this for both the clients and PCI compliance...

[abrams]

Terra,

I'm using POP email because that is what you/futurequest told me to use? I have the same issue as jestaguy, only my desktop thunderbird email.

[hobbes]

For now, TLS 1.0 HAS to be re-enabled for email until the situation is resolved. Leave it off for HTTPS as browsers appear to have better support.

I have to agree that having no heads up was a bummer. I spent 30 minutes troubleshooting before finally realizing it had to be a change at FQ. I checked the forums but didn't see anything at first so figured it had to be on my end.

iPhone Mail appears hopeless thus far. Hopefully someone else has a solution for that.

For Outlook, I tried the following to no avail. I'm running Outlook 2016 on Win7 and would welcome suggestions.
https://blogs.technet.microsoft.com/...-on-windows-7/