[EAS] Banking industry deprecated TLS 1.0 in June 2018
Sean Donelan
sean at donelan.com
Sat Jul 20 20:02:28 CDT 2019
I don't have the exact date FEMA IPAWS notified CAP vendors. But this
change has been in process industry (and government)-wide for several
years. I don't know the business reasons why companies wait until the
deadline to make changes.
The credit card and banking industries deprecated TLS 1.0 in June 2018.
https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls
Banks and point of sale vendors had been updating their payment systems
for several years.
Cloud.gov, Microsoft Office 365 and other web sites have required TLS 1.2
(or higher) since October 31, 2018.
Google Chrome deprecated TLS 1.0 and TLS 1.1 in Chrome 72 (October 2018).
According to Cloudflare, over 85% of web sites use TLS 1.2. 10% still use
TLS 1.1 or TLS 1.0. The rest are obsolete SSL and a smattering of TLS
1.3.
Year of introduction:
SSL v3 - 1996
TLS v1 - 1999
TLS 1.1 - 2006
TLS 1.2 - 2008
TLS 1.3 - 2018
More information about the EAS
mailing list