Quote:
Originally Posted by cflsystems
This also says "Additionally, use of weak cipher suites or unapproved algorithms – e.g., RC4, MD5, and others – is not allowed." XC uses MD5 for hashing just about everywhere...
|
MD5 "...has been found to suffer from extensive vulnerabilities" (sic) and it's not the only dated security process that XC are/was using.
We'll be re-inspecting some particular bug fixes once the next upgrades are available at Merchant Wave.
Quote:
Originally Posted by cflsystems
Same should apply to earlier versions of Chrome, Firefox, etc. So yes I guess we are going back to the really annoying messages showing on sites - please update your browser or use blah-blah-blah...
|
We exclude SSL 1.0, 2.0, 3.0 and TLS 1.0 by default and are using TLS 1.2 and TLS 1.3 ciphers only.
That means that some old browser and/or O/S users simply can't visit us at all. We're happy with that. C'est la vie.
Quote:
Originally Posted by cflsystems
Maybe off topic but I don't hear PCI council saying anything about the Equifax case. This just makes PCI not creditable in my eyes at all... But they are the ones writing the rules for everyone to follow.
|
The PCI crowd, sadly, like many other "authorities", are in the do as we say, not do as we do club.