In April 2015, the PCI Security Standards Council (PCI SSC) released version 3.1 of the PCI Data Security Standard (PCI DSS). As part of this updated standard, TLS 1.0 was officially flagged as no longer meeting the security standards for PCI and a sunset deadline was put in place for June 30th, 2016. In response, Yottaa began planning for the removal of TLS 1.0 from our network with a target of Q1, 2016.
Note: Yottaa implemented a plan to remove SSL 3.0 from our network and the work was completed in June of 2015.
In December of 2015, the PCI SSC announced that the sunset deadline for TLS 1.0 was being extended from June 30th, 2016 to June 30th, 2018. In response to this change in deadlines, we has placed our plans on hold to remove TLS 1.0 from our edge nodes. All existing customer topologies will continue to support TLS 1.0 until at least Q1 2017.
For more info on PCI DSS 3.1 and the importance of this migration, please review these resources made available by the PCI SSC:
- April 2015 PCI DSS 3.1
- April 2015 Summary of Changes from PCI DSS 3.0 to 3.1
- December 2015 Bulletin on extended migration dates
- Migrating from SSL and Early TLS Webinar
Note: The analysis we’ve done (via the Traffic Analytics Dashboard - available in your accounts in the the Yottaa Portal) suggests that TLS 1.0 traffic accounts for roughly 1.5% of all customer traffic at this time.
If you have any questions or concerns regarding this announcement, please contact your Yottaa Account Manager or Yottaa Customer Support.