Buy Percona ServicesBuy Now!

Percona disabling TLSv1.0 May 31st 2016

 | May 23, 2016 |  Posted In: Events and Announcements

PREVIOUS POST
NEXT POST

disabling TLSv1.0As of May 31st, 2016, we will be disabling TLSv1.0 support on www.percona.com, repo.percona.com, etc.

This is ahead of the PCI changes that will affect the June 30th 2016 deprecation the TLSv1.0 protocol. (PDF)

What does this mean for you the user?

Based on analysis of our IDS logs, this will affect around 6.32% of requests. As of May 31st, such requests will present an error when trying to negotiate a TLS connection.

Users are advised to update their clients accordingly. SSLabs provides a good test for browsers, though this does not support command line tools. Going forward, we will only support TLSv1.1 and TLSv1.2.

These changes come a little over a year from our previous SSL overhaul, and are part of our ongoing effort to ensure the security of our users.

Thank you for your time. Please leave any questions in the comments section, or email us at security(at)percona.com.

 

 

PREVIOUS POST
NEXT POST
David Busby

David is an Information Security Architect, and CISSP qualified. He has worked with Percona since 2013 and has over 17 years' experience in DevOps, databases and security. David is a Ju-Jitsu instructor, assistant scout leader and also volunteers at a local secondary school to teach kids computing.

2 Comments

  • PCI postponed deprecation of TLS 1.0. It os in 2018 now.
    http://www.eweek.com/security/companies-get-two-year-reprieve-in-being-fully-pci-dss-compliant.html

  • Petr,

    At the time of writing this comment there has been no changes to official documentation and as far as I am able to tell this means PCI will continue as planned to deprecate TLS version 1.0 June 30th 2016.

    Now that being said from the link you have provided (thank you) and PCI’s own blog I interpret the articles as saying:

    – PCI will Deprecate June 30th 2016 TLSv1
    – PCI will enforce an absolute deadline of 2018 to allow for transition

    Meaning from 2018 if you have not transitioned then you will no longer be in compliance.

    I see no reason therefor to delay our transition away from TLS version 1.0 which was introduced in January of 1999 some 17 years old at the time of writing.

    Especially given POODLE, DROWN, BEAST, CRIME (to name but a few) attacks against other aging protocols as part of the SSL standard.

Leave a Reply