WHMCS Robert Posted January 14, 2016 Share Posted January 14, 2016 WHMCS Public Service Annoucement PCI v3.1 The Payment Card Industry (PCI) Security Standards Council has released a new version, v3.1 and it is mandatory that you verify your systems' compliance by June 30th 2016 to avoid service interruptions. Why are we telling you this? PCI v3.1 will affect all of us and there are steps that we each must take in order assure our information is secure in the coming year. Beginning June 30th 2016, any SSL version (including SSLv3) as well as TLS 1.0 will no longer meet security standards due to vulnerabilities that cannot be amended. Most merchant gateways along with other service providers will soon start disabling SSLv3 and TLS v1.0 connectivity on their servers. How does this affect my business? WHMCS uses SSL libraries to connect to merchant gateways and certain other service providers. If the target server disabled an outdated security protocol following PCI requirements, and your server's SSL library cannot support a newer protocol version, the connectivity may be affected. What to do? The first step should be to ensure your server SSL libraries support TLS 1.1 or 1.2. We also encourage you to contact your merchant gateways to determine if their servers will be affected by the upcoming changes published by PCI. The PCI Security Standards council and WHMCS suggest making sure all applications and system patches are up to date. What happens if I do nothing? Most hosts will not require any changes. However, if you are running older OS versions and/or SSL libraries, you may start experiencing failures to connect to your merchant gateway and/or other TLS-enabled service providers. This may result in inability to process credit cards as well as other issues. What we are doing to help? WHMCS 6.2 Health and Updates will tell you if your installation supports TLS 1.1 or 1.2. If your installation does not support one of these TLS versions, you will see a warning. For additional information we recommend the following sources: Migrating Tactics https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf What to do now? https://www.pcicomplianceguide.org/pci-dss-v3-1-and-ssl-what-you-should-do-now/ Security Standards https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf Link to comment Share on other sites More sharing options...
Recommended Posts