Cartika

Welcome, Guest Login

Support Center

PCI Compliance TLS v1.2 or Higher Required

Last Updated: Oct 16, 2015 05:07PM EDT
Hello

As a result to recent changes in PCI DSS requirements - customers processing credit cards may receive a notice such as the below from their merchant providers

"As a result of the update, businesses using SSL must either begin using TLS version 1.2 or create a risk mitigation plan with a timeline for when they will stop using SSL encryption or TLS 1.1 and lower versions. Modern web browsers already support TLS v1.2 or higher encryption.


Here is what you need to do by June 30, 2016
If you are not already using TLS version 1.2:

Visit pcisecuritystandards.org/security_standards/
documents.php for help migrating to the updated version and to review a summary of the changes.

Update your server to accept the updated version if you manage and or host your own web acceptance pages.

Contact your Approved Scan Vendor (ASV) and arrange a plan that shows a specific timeline for your migration. It should include the disabling of SSL by June 30, 2016.

Here is what will happen if you do not migrate to TLS version 1.2 by June 30, 2016"

For Cartika customers requiring to meet PCI compliance by June 30th - your account in question (if shared/reseller), your VM or Physical server processing these transactions will need to do the following

LINUX - migrate your account/VM/server to a rhel/centos/cloudlinux v6.x or higher
Windows - migrate your account/VM/server to a Windows 2008R2 server or higher

For those already hosting an appropriate OS, no further action will be required. However, please note, all SSL certs must be running SHA2 and in some cases, older certs will need to be re-issued and re-installed as SHA2

Please note - when migrating the following types of accounts to newer OS versions, please account for the below

1) Hsphere Linux (reseller) - typically, newer servers, with newer OS versions, also have newer versions of PHP.  you need to ensure your applications are compatible with these newer versions of PHP before requesting your account be migrated to address PCI concerns
2) Hsphere Windows (reseller), Plesk Windows (reseller), cPanel Linux (reseller) - these solutions can typically support multiple versions of PHP.  so, please confirm you are at least compliant with any current version of PHP before requesting the migration
3) customers with their own servers and/or VMs - can request any version of PHP they want (within reason and within PHP support) on their new VM with the newer OS required to support higher levels of TLS as required by PCI DSS standards


 

Contact Us

sales@cartika.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete