June 30, 2018 is the deadline
As warned by the PCI Security Standards Council, June 30, 2018 is the deadline to disable SSL/early TLS and comply to newer revisions of the TLS protocol. TLS 1.1 will be required, and version 1.2 (or even 1.3, which has been recently approved) is strongly encouraged. The council provides guidelines and resources to help migrate servers to the updated encryption protocol.
Old client software could stop working
As recently pointed out, even if running on recent infrastructure, older code could fail to connect to servers that have been patched to disable SSL/early TLS. For example, applications that target versions 4.5 or earlier of the .NET Framework use SSL 3.0 and TLS 1.0 by default, and will likely trigger a SocketException
when attempting to establish connection to the updated server.
Options to address the matter include updating the problematic code to target version > 4.6 of the .NET Framework, modifying the code to specify the newer encryption protocol, or meddling in the machine registry. In any case, you’ll most likely need help from professional software developers to guarantee that the fixes scale across all your infrastructure and persist in time.
Follow the warnings
How can you tell if your organization is falling behind in terms of security protocols? This post should not be a surprise to anyone, there are warning signs! The information has been out for a while and if your infrastructure is outdated, you should be receiving warnings and reminders from your provider for several months now.
Likewise, misconfigured or weak transport SSL/TLS protocols are being increasingly considered insecure by recent navigators. The effects of this are very visible to the different users of your web infrasctructure. Your system might still work, but it will throw pesky warnings.
We can help
Feel lost? Need help assessing your current state of software compliance? Tired of receiving security reminders and no one taking action? Can’t get a hold of your freelance / consultant developer? Our team of caring developers and technical experts is ready to assist.
Please send your requests to info@nexusinno.com!