
Beyond IE10 TLS defaults, PCI DSS 3.1 browser compatibility list?

Question asked by Valérie Martin on Aug 6, 2015
Latest reply on Aug 6, 2015 by Lily Wilson


I find it a bit annoying that IE 10 / Win 7 results are only reported assuming the default TLS settings are still set, whereas TLS 1.1 and 1.2 can be enabled in Internet Options > Advanced > (Security section). How could I know which ciphers it would pick with TLS 1.1 and/or 1.2 enabled? Would it be the same as IE 11 / Win 7? And to a lesser extent, do IE 8 and 9 behave the same as IE 7 on Vista? Could SSL Labs report it as IE 7-9 / Vista in this case?


IE 8-10 / Win 7  R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS


In fact, what I'm trying to do is put together a list of browsers that will be left in the dark once PCI DSS 3.1 enforces the TLS 1.0 switch-off.

If I understood correctly, there's no point in offering an IE 8 or 9 friendly online shop if customers cannot finalize check-out and only IE 10+ will be able to negotiate a PCI DSS 3.1 compliant TLS session. Apparently we still have a not so insignificant number of customers using older browsers, and I would like to warn them well ahead of the TLS 1.0 switch-off.
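
One way to build such a list from a shop's own traffic instead of from default-settings tables, as an added example that is not part of the original question. It assumes the server already offers TLS 1.1/1.2 and logs the negotiated protocol; the nginx log_format in the comment and all sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines. Assumed nginx log_format (not from the page):
#   '$remote_addr "$http_user_agent" $ssl_protocol $ssl_cipher'
SAMPLE_LOG = """\
198.51.100.7 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" TLSv1 ECDHE-RSA-AES256-SHA
198.51.100.7 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" TLSv1 ECDHE-RSA-AES256-SHA
203.0.113.9 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" TLSv1 ECDHE-RSA-AES256-SHA
203.0.113.20 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" TLSv1.2 ECDHE-RSA-AES256-SHA384
192.0.2.44 "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" TLSv1.2 ECDHE-RSA-AES256-SHA384
not a log line
"""

LINE_RE = re.compile(r'^(\S+) "([^"]*)" (SSLv3|TLSv1(?:\.[0-3])?) (\S+)$')
IE_RE = re.compile(r"MSIE (\d+)\.|Trident/7\.0.*rv:(\d+)")
WIN_RE = re.compile(r"Windows NT (\d+\.\d+)")
WIN_NAMES = {"6.0": "Vista", "6.1": "Win 7"}
LEGACY = {"SSLv3", "TLSv1"}  # versions refused once TLS 1.0 is switched off


def browser_label(ua):
    """Map a User-Agent to a label in the style of the report line, e.g. 'IE 10 / Win 7'."""
    ie, win = IE_RE.search(ua), WIN_RE.search(ua)
    if not ie:
        return "other"
    os_name = WIN_NAMES.get(win.group(1), "NT " + win.group(1)) if win else "unknown OS"
    return "IE %s / %s" % (ie.group(1) or ie.group(2), os_name)


def summarize(log_text):
    """Count distinct (client IP, User-Agent) pairs per browser label and negotiated protocol."""
    seen, summary = set(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing
        ip, ua, proto, _cipher = m.groups()
        if (ip, ua, proto) not in seen:
            seen.add((ip, ua, proto))
            summary.setdefault(browser_label(ua), Counter())[proto] += 1
    return summary


def at_risk(summary):
    """Labels with at least one client seen negotiating a legacy protocol version."""
    return sorted(label for label, protos in summary.items() if LEGACY & set(protos))


if __name__ == "__main__":
    for label, protos in sorted(summarize(SAMPLE_LOG).items()):
        print(label, dict(protos))
    print("warn:", at_risk(summarize(SAMPLE_LOG)))
```

In the constructed sample, IE 10 / Win 7 appears under both TLSv1 and TLSv1.2, which is why the User-Agent alone cannot decide which customers need a warning.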