
Beyond IE10 TLS defaults, PCI DSS 3.1 browser compatibility list?

Question asked by Valérie Martin on Aug 6, 2015
Latest reply on Aug 6, 2015 by Lily Wilson

Hello,

I find it a bit annoying that IE 10 / Win 7 results are only reported considering that the default TLS settings are still set, whereas TLS 1.1 and 1.2 can be enabled in Internet Options > Advanced (Security section). How could I know which ciphers it would pick with TLS 1.1 and/or 1.2 enabled? Would it be the same as IE11 / Win 7? And, to a lesser extent, do IE 8 and 9 behave the same as IE 7 on Vista? Could SSL Labs report it as IE 7-9 / Vista in this case?

 

IE 8-10 / Win 7  R  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)  FS

 

In fact, what I'm trying to do is put together a list of browsers that will be left in the dark once PCI DSS 3.1 enforces the TLS 1.0 switch-off.

If I understood correctly, there's no point in offering an IE 8 or 9 friendly online shop if customers cannot finalize check-out and only IE 10+ will be able to negotiate a PCI DSS 3.1 compliant TLS session. Apparently we still have a not so insignificant number of customers using older browsers, and I would like to warn them well ahead of the TLS 1.0 switch-off.
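
One way to build such a list from a site's own traffic rather than from browser defaults, as an added example that is not part of the original question: tally the negotiated protocol per browser from an access log. The log format (client, negotiated protocol, cipher, quoted User-Agent, for instance via nginx's `$ssl_protocol` and `$ssl_cipher`) and the sample lines are constructed assumptions, and the server is assumed to already offer TLS 1.1 and 1.2.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines. Assumed format: ip protocol cipher "user-agent"
SAMPLE_LOG = """\
203.0.113.5 TLSv1 ECDHE-RSA-AES256-SHA "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
203.0.113.9 TLSv1.2 ECDHE-RSA-AES256-SHA384 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
203.0.113.7 TLSv1 ECDHE-RSA-AES256-SHA "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
198.51.100.2 TLSv1.2 ECDHE-RSA-AES256-SHA384 "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
198.51.100.4 TLSv1 ECDHE-RSA-AES256-SHA "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"
not a log line
"""

ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LINE_RE = re.compile(r'^(\S+) (SSLv3|TLSv1(?:\.[0-3])?) (\S+) "([^"]*)"$')
IE_RE = re.compile(r"MSIE (\d+)\.|Trident/.*rv:(\d+)")  # IE <= 10, or IE 11 token
NT_RE = re.compile(r"Windows NT (\d+\.\d+)")
WINDOWS = {"6.0": "Vista", "6.1": "Win 7"}

def browser_label(user_agent):
    """Reduce a User-Agent to an 'IE n / OS' label; anything else is 'other'."""
    ie = IE_RE.search(user_agent)
    if not ie:
        return "other"
    nt = NT_RE.search(user_agent)
    os_name = WINDOWS.get(nt.group(1), "NT " + nt.group(1)) if nt else "unknown OS"
    return f"IE {ie.group(1) or ie.group(2)} / {os_name}"

def tally(log_text):
    """Count negotiated protocol versions per browser label, skipping bad lines."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            counts[browser_label(m.group(4))][m.group(2)] += 1
    return counts

def at_risk(counts, minimum="TLSv1.1"):
    """Map label -> (sessions below `minimum`, total sessions) where any exist."""
    floor = ORDER.index(minimum)
    risky = {}
    for label, protos in counts.items():
        old = sum(n for p, n in protos.items() if ORDER.index(p) < floor)
        if old:
            risky[label] = (old, sum(protos.values()))
    return risky

if __name__ == "__main__":
    for label, (old, total) in sorted(at_risk(tally(SAMPLE_LOG)).items()):
        print(f"{label}: {old} of {total} sessions below TLS 1.1")
```

Because the log records what each client actually negotiated, an IE 10 user who enabled TLS 1.2 is counted separately from one still on the default settings.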
