View Single Post
Old 11-23-2017, 09:14 PM
Triple A Racing Triple A Racing is offline

Join Date: Jul 2008
Location: Manchester UK
Posts: 896

Default Re: Important!!! Are You Ready for 30 June 2018? Saying Goodbye to SSL/early TLS

Originally Posted by cflsystems
This also says "Additionally, use of weak cipher suites or unapproved algorithms – e.g., RC4, MD5, and others – is not allowed." XC uses MD5 for hashing just about everywhere...
MD5 "....has been found to suffer from extensive vulnerabilities" (sic) and, it's not the only dated security process that XC are/was using.
We'll be re-inspecting some particular bug fixes once the next upgrades are available at Merchant Wave.
Originally Posted by cflsystems
Same should apply to earlier versions of Chrome, Firefox, etc So yes I guess we are going back to the really annoying messages showing on sites - please update your browser or use blah-blah-blah...
We exclude SSL 1.0, 2.0, 3.0 and TLS 1.0 by default and are using TLS 1.2 and TLS 1.3 ciphers only.
That means that some old browser and/or O/S users simply can't visit us at all. We're happy with that. C'est La Vie
Originally Posted by cflsystems
Maybe off topic but I don't hear PCI council saying anything about the Equifax case. This just makes PCI not creditable in my eyes at all... But they are the ones writing the rules for everyone to follow.
The PCI crowd, sadly, like many other "authorities" are in the do as we say, not do as we do club..
Dev Store; XC Business & Live Store; XC Business
Server; Ubuntu 18.04.4 LTS (HWE 5.4.0-42.46 Kernel) / Plesk Obsidian
Nginx 1.16.1 / Apache 2.4.29 (Ubuntu Backported) / MariaDB 10.3.23 / PHP 7.4.8 (Dev) / PHP 7.3.20 (Live)
Reply With Quote