PCI requires that TLSv1.0 be disabled. If you’re using the SSL protocol on our load balancer to take advantage of SSL Offload and/or SSL Acceleration, you can easily disable TLS 1.0. You don’t necessarily need to disable this on your server, since communication between the load balancer and your devices is a trusted connection, but you will need to disable it on the cloud IP associated with the front-end load balancer.  NOTE: If you’re using the SSL_BRIDGE protocol instead of SSL, then you do need to disable TLS 1.0 on your server since we’re just passing the traffic through and the actual SSL negotiation is happening between your server(s) and the client. With SSL, the negotiation happens between us and the client.

To do this, go to the NETWORKING tab, then to the CONFIGURATION BUILDER. There, click on your config/pack from the left navigation. Once you do that, you should see the page as shown below. Beside the SSL protocol you will see an “Options” link which will open a new window as shown below.

TLS editing step 1

In the new window that opens (as shown below) you now have the option of deselecting TLSv1.0 (and SSLv3, if it is also selected). Once completed, click Save & Close and within a few minutes the change will be complete across our platform. You can then re-run any PCI scans/tests you might need.

TLS 1.0 step 2

As always, if you need help, feel free to reach out to us!