Disabling of SSLv3 and TLS on ZZ Servers Services January 8, 2016

Lantronx PVR Series - IT support and cybersecurity solutions for data recovery.

With widespread and disastrous SSL/TLS vulnerabilities taking place such as POODLE and FREAK, SSL and early TLS versions are no longer considered strong cryptography and any web site that still uses them is insecure.

For PCI Clients:

According to the new rules in PCI DSS v3.1, companies have until June 30, 2016 to update to a more recent version of TLS (1.2). Prior to this date, existing implementations using SSL or an early TLS must have a formal risk mitigation and migration plan in place.

The PCI DSS v3.1 requirements directly affected are:

  • Requirement 2.2.3 Implement additional security features for any required services, protocols, or daemons considered insecure.
  • Requirement 2.3 Encrypt all non-console administrative access using strong cryptography.
  • Requirement 4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.

For Non-PCI clients, this will add extra security measures for your environments and affect connecting to any ZZ Servers Services.

ZZ Servers will be disabling SSLv3, TLS 1.0, TLS1.1 and all related weak ciphers for these protocols January 8, 2016 for all ZZ Servers services. Please update and test your application(s) and services as needed. Please contact your Account Manager as soon as possible if you require assistance with this change.

What do you think?

Leave a Reply

Related articles

Contact us

Partner with Us for Comprehensive IT

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:
What happens next?
1

We Schedule a call at your convenience 

2

We do a discovery and consulting meting 

3

We prepare a proposal 

Schedule a Free Consultation