AnsweredAssumed Answered


Question asked by michael lane on Jul 11, 2018
Latest reply on Jul 23, 2018 by j-mailor

I am wondering why TLS1.0 is still acceptable?  I am seeing site that are rated an A+ with TLS1.0 active. Even your own site states "TLS1.2" is the only secure protocol.  May sites us opportunistic TLS, which allows fallback to TLS1.0.


NIST, PCI-DSS have definitely deprecated TLS1.0.  Microsoft is throughout this year, and a laundry list of other industry leaders are as well.


Shouldn't it at least be a warning, or a B rating if TLS1.0 is an option?


Not an accusation - just a question as no one accepts this for PCI or HIPAA/government secret data any longer. OCR(Office of Civil Rights)