The PCI Council amended its date for TLS 1.0 (an earlier security protocol, used to secure web pages) on 15th December 2015. It declared that after 15 June 2018, PPM Pro will not accept any TLS 1.0 connections to request and login servers. Recently, they have extended the deadline to June 30, 2018, so make sure you are ready to migrate to a more secure protocol and network.
This post explains what TLS 1.0 is and what risks your system may face while it still uses TLS 1.0.
What is TLS 1.0?
TLS stands for Transport Layer Security. It is a cryptographic protocol that provides secure communication over networks such as the internet. It has different versions, including TLS 1.0, TLS 1.1 and TLS 1.2. All these versions are used extensively in applications such as web browsing, e-mail, instant messaging and VoIP, and every version is slightly different from the others. The TLS 1.0 protocol was first defined in RFC 2246 in January 1999, after SSL 3.0, and is considered an enhanced version of SSL 3.0.
Vulnerability in TLS 1.0
The first browser attack against TLS, BEAST, was announced in September 2011 and had a large impact on TLS. It was a chosen-plaintext attack: by taking advantage of a vulnerability in the implementation of Cipher Block Chaining (CBC) mode in TLS 1.0, the attacker could decrypt the information and data exchanged between the two parties.
For the BEAST attack to succeed, the attacker must have full control of the victim’s browser, where they can easily transmit the information.
How to disable TLS 1.0
The following steps disable TLS 1.0 on Windows.
- Open cmd and execute the ‘regedit’ command to open the Windows Registry.
- Create two registry keys as below:
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
- Under each of the keys created, right-click, create a DWORD value named Enabled, and set its value data to 0.
- Open gpedit.msc from the command prompt.
- Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
- Enable "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing".
Then, reboot the server so that the registry and policy changes take effect.
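The registry part of the steps above can also be scripted and then read back to confirm it took. The following PowerShell is an added example, not part of the original post; the function names Disable-Tls10 and Test-Tls10Disabled are hypothetical, and it assumes an elevated prompt. It does not touch the FIPS policy setting.

```powershell
# Added example: applies the two SCHANNEL registry keys from the steps above
# and reads the values back. Run elevated; a reboot is still required afterwards.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0'

function Disable-Tls10 {
    # Hypothetical helper name. Supports -WhatIf to preview without writing.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $base $role
        if ($PSCmdlet.ShouldProcess($key, 'Set Enabled = 0')) {
            # Create the key only if missing: New-Item -Force on an existing
            # registry key would recreate it and drop its current values.
            if (-not (Test-Path $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            New-ItemProperty -Path $key -Name 'Enabled' -Value 0 `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

function Test-Tls10Disabled {
    # Hypothetical helper name. Emits one object per role so the result can
    # be logged or compared across servers.
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $base $role
        $value = (Get-ItemProperty -Path $key -Name 'Enabled' `
                    -ErrorAction SilentlyContinue).Enabled
        [pscustomobject]@{
            Role     = $role
            Enabled  = $value                      # empty if the value is missing
            Disabled = ($null -ne $value -and $value -eq 0)
        }
    }
}

Disable-Tls10 -WhatIf        # preview the changes first
# Disable-Tls10              # uncomment to apply
Test-Tls10Disabled | Format-Table -AutoSize
```

A Role whose Disabled column reads False either has no Enabled value or has it set to something other than 0, so the manual steps were not applied on that server.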