PCI Compliance TLS v1.2 or Higher Required
Hello
As a result of recent changes in PCI DSS requirements, customers processing credit cards may receive a notice such as the one below from their merchant providers:
"As a result of the update, businesses using SSL must either begin using TLS version 1.2 or create a risk mitigation plan with a timeline for when they will stop using SSL encryption or TLS 1.1 and lower versions. Modern web browsers already support TLS v1.2 or higher encryption.
Here is what you need to do by June 30, 2016:
If you are not already using TLS version 1.2:
Visit pcisecuritystandards.org/security_standards/documents.php for help migrating to the updated version and to review a summary of the changes.
Update your server to accept the updated version if you manage and or host your own web acceptance pages.
Contact your Approved Scan Vendor (ASV) and arrange a plan that shows a specific timeline for your migration. It should include the disabling of SSL by June 30, 2016.
Here is what will happen if you do not migrate to TLS version 1.2 by June 30, 2016"
For Cartika customers who must meet PCI compliance by June 30th, the account in question (if shared/reseller), VM or physical server processing these transactions will need the following:
Linux - migrate your account/VM/server to RHEL/CentOS/CloudLinux v6.x or higher
Windows - migrate your account/VM/server to Windows 2008 R2 or higher
For those already hosting on an appropriate OS, no further action is required. However, please note that all SSL certificates must be signed with SHA-2; in some cases, older certificates will need to be re-issued and re-installed as SHA-2.
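To confirm a migrated host actually meets the two requirements above (TLS 1.2 negotiable, older versions refused, and a SHA-2 signed certificate), the following Python 3 check is added here as an example; it is not part of the Cartika article and uses only the standard library. The OID table covers the signature algorithms commonly seen on server certificates and is an assumption about what the host will present; `probe()` only tests negotiation and deliberately skips trust validation.

```python
import socket
import ssl

# Signature-algorithm OIDs seen on server certificates -> (name, counts as SHA-2?)
SIG_OIDS = {"1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
            "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
            "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", True),
            "1.2.840.10045.4.1": ("ecdsa-with-SHA1", False),
            "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", True)}

def _tlv(der, pos):
    """Read one DER tag/length header; return (tag, content_start, content_end)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:                           # long form: low bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signature_oid(der):
    """Dotted OID of the outer signatureAlgorithm of a DER-encoded X.509 certificate."""
    _, pos, _ = _tlv(der, 0)                    # Certificate ::= SEQUENCE {
    _, _, pos = _tlv(der, pos)                  #   tbsCertificate   (skipped as a whole)
    _, pos, _ = _tlv(der, pos)                  #   signatureAlgorithm ::= SEQUENCE {
    tag, start, end = _tlv(der, pos)            #     algorithm OBJECT IDENTIFIER
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    arcs, val = [der[start] // 40, der[start] % 40], 0
    for b in der[start + 1:end]:                # later arcs are base-128, high bit = continue
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def probe(host, port, version):
    """Handshake pinned to one TLS version; return (negotiated?, DER leaf cert or None)."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.minimum_version = ctx.maximum_version = version
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # negotiation only, no trust check
        with socket.create_connection((host, port), timeout=5) as s, \
                ctx.wrap_socket(s, server_hostname=host) as tls:
            return True, tls.getpeercert(binary_form=True)
    except (ssl.SSLError, OSError, ValueError):
        return False, None      # refused by the server, or this client no longer offers it

def evaluate(tls10, tls11, tls12, oid):
    """Turn probe results into findings; an empty list means the host passes."""
    name, sha2 = SIG_OIDS.get(oid, (oid or "unknown", False))
    checks = [(not tls12, "TLS 1.2 not negotiable"), (tls10, "TLS 1.0 still accepted"),
              (tls11, "TLS 1.1 still accepted"), (not sha2, "certificate not SHA-2: " + name)]
    return [msg for bad, msg in checks if bad]
```

Against your own host, call `probe(host, 443, v)` for `ssl.TLSVersion.TLSv1`, `TLSv1_1` and `TLSv1_2`, then pass the three results and `signature_oid()` of the returned certificate to `evaluate()`. A modern client may itself refuse to offer TLS 1.0/1.1, in which case those probes report "not negotiated" regardless of the server.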
Please note: when migrating the following types of accounts to newer OS versions, account for the following:
1) Hsphere Linux (reseller) - typically, newer servers with newer OS versions also have newer versions of PHP. You need to ensure your applications are compatible with these newer PHP versions before requesting that your account be migrated to address PCI concerns.
2) Hsphere Windows (reseller), Plesk Windows (reseller), cPanel Linux (reseller) - these solutions can typically support multiple versions of PHP, so please confirm you are compatible with at least one current version of PHP before requesting the migration.
3) Customers with their own servers and/or VMs can request any version of PHP they want (within reason and within PHP support) on their new VM with the newer OS required to support the higher TLS versions mandated by the PCI DSS standards.