Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

Important!!! Are You Ready for 30 June 2018? Saying Goodbye to SSL/early TLS
 
Reply
   X-Cart forums > News and Announcements
 
Thread Tools
  #1  
Old 11-23-2017, 01:21 AM
  ambal's Avatar 
ambal ambal is offline
 

X-Cart team
  
Join Date: Sep 2002
Posts: 4,102
 

Exclamation Important!!! Are You Ready for 30 June 2018? Saying Goodbye to SSL/early TLS

https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

Some say it is going to be "illegal" to use IE6-10

https://scontent.fhel2-1.fna.fbcdn.net/v/t1.0-9/23915497_1618181404894529_7957804125984914032_n.pn g?oh=0fbdb2b451de009cf97b7c7bbb049c0e&oe=5AA11F10
__________________
Sincerely yours,
Alex Mulin
VP of business development for X-Cart
X-Payments project manager
Reply With Quote
  #2  
Old 11-23-2017, 07:12 AM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 13,485
 

Default Re: Important!!! Are You Ready for 30 June 2018? Saying Goodbye to SSL/early TLS

This also says "Additionally, use of weak cipher suites or unapproved algorithms – e.g., RC4, MD5, and others – is not allowed."

XC uses MD5 for hashing just about everywhere...

Quote:
Some say it is going to be "illegal" to use IE6-10
Same should apply to earlier versions of Chrome, Firefox, etc
So yes I guess we are going back to the really annoying messages showing on sites - please update your browser or use blah-blah-blah...

Maybe off topic but I don't hear PCI council saying anything about the Equifax case. This just makes PCI not creditable in my eyes at all... But they are the ones writing the rules for everyone to follow.
__________________
Steve Stoyanov
CFLSystems.com
Web Development
Reply With Quote

The following 3 users thank cflsystems for this useful post:
josebueso (11-24-2017), PhilJ (11-23-2017), Triple A Racing (11-23-2017)
  #3  
Old 11-23-2017, 09:14 PM
 
Triple A Racing Triple A Racing is offline
 

X-Adept
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 716
 

Default Re: Important!!! Are You Ready for 30 June 2018? Saying Goodbye to SSL/early TLS

Quote:
Originally Posted by cflsystems
This also says "Additionally, use of weak cipher suites or unapproved algorithms – e.g., RC4, MD5, and others – is not allowed." XC uses MD5 for hashing just about everywhere...
MD5 "....has been found to suffer from extensive vulnerabilities" (sic) and, it's not the only dated security process that XC are/was using.
We'll be re-inspecting some particular bug fixes once the next upgrades are available at Merchant Wave.
Quote:
Originally Posted by cflsystems
Same should apply to earlier versions of Chrome, Firefox, etc So yes I guess we are going back to the really annoying messages showing on sites - please update your browser or use blah-blah-blah...
We exclude SSL 1.0, 2.0, 3.0 and TLS 1.0 by default and are using TLS 1.2 and TLS 1.3 ciphers only.
That means that some old browser and/or O/S users simply can't visit us at all. We're happy with that. C'est La Vie
Quote:
Originally Posted by cflsystems
Maybe off topic but I don't hear PCI council saying anything about the Equifax case. This just makes PCI not creditable in my eyes at all... But they are the ones writing the rules for everyone to follow.
The PCI crowd, sadly, like many other "authorities" are in the do as we say, not do as we do club..
__________________
Business XC 5.3.6.3 Dev Store & Live Store
Ubuntu 18.04.3 (HWE 5.0.0-29.31 Kernel) / Plesk 17.8.11
Nginx 1.16.1 / Apache 2.4.29 (Ubuntu Backported)
MariaDB 10.3.18 / PHP 7.2.22
Reply With Quote
Reply
   X-Cart forums > News and Announcements


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 09:29 PM.

   

 
X-Cart forums © 2001-2018