TLSv1 enable past 2018

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   As far as I know for e-commerce sites to be PCI compliant then TLSv1 should be disabled by June 2018. I assume this relates to the area of sites for customer details & checkout/payment section.

When I checked the romancart checkout was still using a shared cloudflare SSL certificate which is shared with other sites, rather than it's own dedicated SSL certifcate. I did mention this a while back, but was happy  with the replies at the time. However, I have now become aware of the requirement to disable TLSv1 and the deadline of June 2018 has passed. On further reading  TLSv1 cannot be disabled on a shared cloudflare certifcate or free plan. 

Can romancart upgrade their SSL or Cloudflare plain to dissable TLSv1 and become PCI compliant, or have I got it completely wrong from googling too much and not really understanding things?

Test Results with TLSv1 comment at bottom of page

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
henrycart Members Profile Find Members Posts Newbie Joined: 21 September 2013 Status: Offline Points: 23	Post Options Post Reply Quote henrycart Report Post Thanks(0) Quote Reply Topic: TLSv1 enable past 2018 Posted: 12 April 2019 at 1:53pm
	As far as I know for e-commerce sites to be PCI compliant then TLSv1 should be disabled by June 2018. I assume this relates to the area of sites for customer details & checkout/payment section. When I checked the romancart checkout was still using a shared cloudflare SSL certificate which is shared with other sites, rather than it's own dedicated SSL certifcate. I did mention this a while back, but was happy with the replies at the time. However, I have now become aware of the requirement to disable TLSv1 and the deadline of June 2018 has passed. On further reading TLSv1 cannot be disabled on a shared cloudflare certifcate or free plan. Can romancart upgrade their SSL or Cloudflare plain to dissable TLSv1 and become PCI compliant, or have I got it completely wrong from googling too much and not really understanding things? Test Results with TLSv1 comment at bottom of page

Support Members Profile Find Members Posts RomanCart Team Joined: 16 March 2004 Location: United Kingdom Status: Offline Points: 10794	Post Options Post Reply Quote Support Report Post Thanks(0) Quote Reply Posted: 12 April 2019 at 4:39pm
	Hi, Firstly a technicality - PCI is for systems processing card details. RomanCart does not come into contact with any card details (no matter what it might look like). They are dealt with by the payment gateway that you are using with RomanCart on their own systems which must be PCI certified. RomanCart is 'Out of Scope' of PCI. Cloudflare offers all levels of TLS so it will always support the highest levels of encryption. I wouldn't advise enforcing a high level of TLS unless you have to as a lot of browsers won't work. Whilst that's ok for the payment pages you really don't want your actual website to be inaccessible. Many Thanks Support