Bernie Weidel

PCI Guidance for SSLv3 and Early TLS issues with Mitigation & Migration Plans

Discussion created by Bernie Weidel on Sep 26, 2016

Per PCI Council guidance, vulnerabilities related to SSLv3 and TLSv1.0 / TLSv1.1 which cannot be fully remediated currently can be approved via a False Positive Request so long as the merchant provides a statement confirming that a Mitigation & Migration Plan is in place.


For more information on this topic, please see the official PCI Council Information Supplement 'Migrating from SSL and Early TLS' which can be found here:


For instructions on how to submit a False Positive request, please click here: