SSL v3.0 do not meet PCI criteria

240_F_56504934_cSwUYfhhVcNWYGxsStKgbogEP5IxywaR

Secure Socket Layers (SSL) v3.0 protocol

Based on the statement of the National Institute of Standards and Technology (NIST) about the inherent weakness of the Secure Socket Layer (SSL) v3.0 protocol, the PCI Council announced that the SSL protocol will not be anymore fulfil the PCI requirement criteria of “strong cryptography”

Because of these weaknesses the PCI Council announced on February 13, no version of SSL meets PCI SSC’s definition of “strong cryptography,” and revisions to the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) are necessary.

After working with stakeholders over the last several months to understand the impact to the industry, the Council will soon publish PCI DSS v3.1 and PA-DSS v3.1 to address this issue and provide other minor updates and clarifications. When published, PCI DSS v3.1 will be effective immediately, but impacted requirements will be future-dated to allow organizations time to implement the changes.

for detailed information see here PCI Council’s article

Ralph Wörn2022-11-24T17:48:20+01:0014.2.2015|PA-DSS, PCI Compliance, PCI DSS|