TLS 1.0 PCI Deadline – June 30, 2018

The payment card industry (PCI) council has set a deadline of June 30, 2018 to no longer have support for TLS 1.0 (an insecure SSL Protocol). After this date, any website allowing TLS 1.0 and wanting to be PCI compliant will no longer be compliant.

What is TLS?

TLS is a security protocol that allows connections to be encrypted and secure. TLS 1.0, first released in 1999, is now considered an insecure protocol. Many vulnerabilities have been discovered in this very old protocol, including man-in-the-middle attacks. Because of this, the PCI council has determined that TLS 1.0 should no longer be supported for any system that handles sensitive information like credit card details.

What does this mean for visitors?

If your website no longer supports TLS 1.0, this may cause visitors using older computers or browsers to not be able to view any secure page on your site. The biggest issue is likely people using Internet Explorer (versions 6 through 10) as their web browser.

Other browsers that will no longer work without TLS 1.0 include:

  • Firefox version 27 or lower
  • Google Chrome version 29 and lower
  • Google Android Browser version 4.4 or lower
  • iOS 4 devices
  • Safari version 8 or lower

Other deadlines to be aware of

  • Authorize.net will stop support for TLS 1.0 after February 28, 2018.
  • UPS will stop support for TLS 1.0 after December 31, 2017.

How do I know if my site supports TLS 1.0 still?

Fortunately, our new scanning system for Why No Padlock? includes a test for TLS 1.0 support. Just enter your website URL, and the results will report on TLS 1.0 support, as well as checking any page to be 100% secure.