For the past 20 years Secure Sockets Layer (SSL) has been used all over the world to encrypt data between two endpoints. It became the most widely-used encryption protocol despite numerous security vulnerabilities exposed. In PCI DSS v3.1 (published in April 2015) SSL/early TLS (Transport Layer Security) was removed as an example of strong cryptography and may not be used as a security control to meet any PCI DSS requirement after June 30, 2018. Here we explain how you can prepare for the migration deadline and protect your data in accordance with the PCI Data Security Standard (PCI DSS).
SSL was first released in 1995 to secure communication between a client and a server in an unprotected network such as the Internet. In 1999 SSL v3.0 was replaced by TLS 1.0 and later updated to v1.1 and 1.2. The protocols encrypt the communication between two parties ensuring that sensitive information such as usernames, passwords and credit card numbers are not exposed to the third parties and that nobody can read it or tamper.
What is the risk?
Due to the widespread use, SSL/early TLS was targeted by hackers and many serious vulnerabilities have been found over the past 20 years. This led to SSL/early TLS being unsafe for protecting sensitive information.
The vulnerability CVE-2014-3566, which is known by the name P.O.O.D.L.E. (Padding Oracle On Downgraded Legacy Encryption), if successfully exploited, can expose data encrypted between a SSL v3.0 compatible client and a SSL v3.0 compatible server. It is a vulnerability of the protocol itself and not of a specific implementation of it, which basically means every implementation of SSL v3.0 suffers from it and it cannot be fixed. In the context of a payment gateway or any other business model where cardholder data is transmitted over SSL it is alarming and could lead to exposure of cardholder data.
What is meant by “Early TLS”?
The PCI Council introduced the term in PCI DSS v3.1 referring to early implementations of TLS that contain protocol-level vulnerabilities. The term, however, does not refer to any particular version of TLS, but rather includes any version or implementation of the protocol that is vulnerable. Organizations have to update TLS to the newest version released continuously to address the threats that evolve. Businesses need to remain up to date with exploits and whether their current version of the protocol could be susceptible to it.
What this means for your PCI DSS compliance
After June 30th, 2018 SSL and early TLS are not longer examples of strong cryptography or secure protocols. In its Information Supplement the PCI Council states that after the migration date all companies should only use secure versions of the protocol. On top of that, prior to June 30th organizations should have a formal Risk Mitigations and Migration Plan in place. This document is needed to describe the migration plan to a secure protocol and the way the company will reduce the risk associated with SSL/early TLS until the migration is completed.
You can find more information about why the migration is necessary and how organizations can use it in this interview with the PCI SSC Senior Director of Data Security Standards here. At Advantio, we understand that this migration process and deadline can create a variety of problems. You can always reach our team for more information or help with SSL/early TLS migration.