Issue between Cloudflare and SecurityMetrics.com

Hi - New to Cloudflare here. I have a client who is using SecurityMetrics.com as part of their payment processing. There is an error and they are telling me to disable the TLS 1.0 here on Cloudflare.

From what I’ve researched, that doesn’t look like a good idea.

Any ideas on how to resolve this issue?

Thanks!!

It’s actually a pretty good idea. Setting minimum TLS to 1.2 is more secure.

3 Likes

Disabling TLS 1.0 is actually a good idea, because that’s part of what’s needed to become PCI or HIPAA compliant (which I guess is what you’re after, looking at securitymetrics.com), by setting your minimum TLS version to at least 1.1, but the recommended minimum is 1.2.

2 Likes

TLS 1.0 and even 1.1 is not PCI-compliant. From https://www.docusign.com/blog/developers/preparing-tls-11-removal:

The PCI Security Standards Council has mandated that companies that wish to remain PCI Data Security Standard (PCI DSS) compliant must have transitioned to TLS 1.2 by June of 2020.

The date keeps getting pushed back but for PCI compliance, TLS 1.2 or higher is now necessary.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.