SSL and TLS 1.0 PCI Compliance

We recently received a couple of notifications from major gateways stating that "The PCI Council says you must remove completely support for SSL 3.0 and TLS 1.0. In short: servers and clients should disable SSL and then preferably transition everything to TLS 1.2."

My question is, if we disable 3.0 and TLS 1.0 completely on our servers and make the required adjustments on our code, will our customers, who use old browsers, still be able to access our website? Unfortunately we know that at least 10% of our customers use IE 8.

I am confused about this change and want to make sure I understand whether or not there is an impact on the customers' side (website's visitors).

Thanks for your help.

> unfortunately we know that at least 10% of our customers use IE 8.

IE 8, at least on Windows XP, does not support TLS 1.1 or TLS 1.2. If you are on the obsolete platform XP you would need to use Firefox or Chrome as long as these are still available for this platform.

You should try to make passing PCI compliance scans a priority. On a server running Apache, go to your httpd.conf file and you will need this line in the appropriate section:

SSLProtocol -All +TLSv1.2

Find the official documentation at https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslprotocol.
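
The following Python sketch is an added example, not part of the original answers or of Apache: it evaluates `SSLProtocol` lines using the `+`/`-` token semantics from the mod_ssl documentation and reports any line that still enables SSL 3.0 or TLS 1.0. The expansion of `all`, the rule that a bare token replaces the set, and the sample configuration are assumptions made for the illustration.

```python
import re

# Assumption: what "all" expands to depends on the Apache/OpenSSL build.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
CANON = {p.lower(): p for p in ALL}   # protocol names are matched case-insensitively
DEPRECATED = {"SSLv3", "TLSv1"}       # the two versions named in the gateway notice
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def enabled_protocols(args):
    """Evaluate SSLProtocol arguments left to right; return the enabled set."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = (token[1:] if action else token).lower()
        if name == "all":
            selected = set(ALL)
        elif name in CANON:
            selected = {CANON[name]}
        else:
            raise ValueError(f"unknown protocol token: {token!r}")
        if action == "-":
            enabled -= selected
        elif action == "+":
            enabled |= selected
        else:
            enabled = selected        # assumed: a bare token replaces the set
    return enabled

def audit(config_text):
    """Return (line_number, enabled, offending) for every SSLProtocol line."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # commented-out lines do not match
        if match:
            enabled = enabled_protocols(match.group(1))
            findings.append((number, enabled, enabled & DEPRECATED))
    return findings

# Constructed sample configuration, not taken from the page.
SAMPLE = """\
<VirtualHost *:443>
    # SSLProtocol all
    SSLProtocol all -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol -All +TLSv1.2
</VirtualHost>
"""

if __name__ == "__main__":
    for number, enabled, bad in audit(SAMPLE):
        print(f"line {number}: {sorted(enabled)} ->", f"FAIL {sorted(bad)}" if bad else "ok")
```

A static check like this only covers the configuration file; the protocols the server actually negotiates should still be confirmed with the PCI scan itself.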
