Are you prepared for TLS 1.2 Update? You can’t escape it anymore!
The PCI Security Standards Council is requiring all payment processors and merchants to disable early TLS and move to TLS 1.2 as soon as possible.
Many major payment gateways are heeding this advice. PayPal and Braintree now already requires TLS 1.2, and has disabled all older protocols (SSL v3, TLS 1.0, & TLS 1.1). Authorize.Net will also be following suit as well as disabling everything below TLS 1.2 from September 18, 2017. So, if you are using PayPal or Braintree with your eCommerce store, you have to make sure that your server supports TLS 1.2 or you risk being unable to process payments. If you continue to accept SSLv3 or TLS 1.0 connections even after June 2018, your website will not be PCI-compliant.
Know what is the difference between SSL & TLS
Secure Socket Layer or SSL and Transport Layer Security or TLS are both protocols that encrypt as well as authenticate data when information is sent between applications & servers. The difference between SSL & TLS is how the encryption is initiated. SSL came in the 90s but it was only around for a few years before some major problems were identified. The POODLE or Padding Oracle On Downgraded Legacy Encryption attack in 2011 was the last straw for SSL. The use of SSL is not recommended anymore. Then TLS 1.0 came which is basically an updated version of the SSL protocol. TLS 1.1, 1.2, as well as 1.3 have built on top of that with better security. Now TLS is the only protocol that everyone should use.
Your security certificate is not going to impact your SSL or TLS protocols. Getting a new certificate will not change whether or not you’re using SSL or TLS, as well as your existing SSL or TLS certificate works with both.
Supporting TLS is a change that basically occurs at the server level, based on the versions as well as configuration of your server OS as well as software.
Protect your customers & your business – Support TLS 1.2 Now
When web security is constantly evolving as well as improving, keeping up to date as well as taking necessary steps to maintain PCI compliance is the responsibility for each and every eCommerce store. It will not only help you protect your customers but also it will help you protect your own company. Businesses whose customer database or credit card information had been stolen had suffered irreparable damage. Don’t forget that it takes many months and sometimes years to gain customers trust but only a moment to lose.
By supporting TLS 1.2, you will be able to protect both your customers as well as your own business. TLS 1.2 is after all one of the most secure versions of SSL/TLS protocol that is specifically designed in order to prevent eavesdropping, tampering, as well as message forgery.