How can I disable TLS 1.0 to comply with PCI?

PCI requires that TLSv1.0 be disabled. If you’re using the SSL protocol on our load balancer to take advantage of SSL Offload and/or SSL Acceleration, you can easily disable TLS 1.0. You don’t necessarily need to disable this on your server, since communication between the load balancer and your devices is a trusted connection, but you will need to disable it on the cloud IP associated with the front-end load balancer.  NOTE: If you’re using the SSL_PROXY protocol instead of SSL, then you do need to disable TLS 1.0 on your server since we’re just passing the traffic through and the actual SSL negotiation is happening between your server(s) and the client. With SSL, the negotiation happens between us and the client.

To do this, go to the NETWORKING tab, then to the CONFIGURATION BUILDER. There, click on your config/pack from the left navigation. Once you do that, you should see the page as shown below. Beside the SSL protocol you will see an “Options” link which will open a new window as shown below.

In the new window that opens (as shown below) you now have the option of deselecting TLSv1.0 (and SSLv3, if it is also selected). Once completed, click Save & Close and within a few minutes the change will be complete across our platform. You can then re-run any PCI scans/tests you might need.

The best part of this functionality is that you can still have older legacy TLS enabled on the back-end (between Total Uptime and your servers) but increase security significantly to meet (or exceed) PCI requirements on the front-end. And, with an  ACL on your firewall to ensure no traffic can get around us and go directly to your device, this is a quick and even long-term security solution.  Contact us for more information.

As always, if you need help, feel free to reach out to us!