Disablement of TLS 1.0 and TLS 1.1
  • 17 Nov 2023
  • 2 minute read
  • Dark
  • PDF

Disablement of TLS 1.0 and TLS 1.1

  • Dark
  • PDF

Article Summary

In April 2015, the PCI Security Standards Council released the requirements for PCI DSS 3.1, which defines the security requirements and controls for secure websites, including what protocols are acceptable for secure communications. In this specification, TLS 1.0 must be disabled by June 30, 2018. This date was extended from the original deadline of June 30, 2016. While all modern browsers and platforms support TLS 1.2 and no longer require or initiate connections over TLS 1.0, there are still some organizations making connections to Slate, typically for web services, using the outdated and insecure TLS 1.0 protocol.

Beginning in 2015, we announced the forthcoming disablement of TLS 1.0, and since 2015, we have provided warnings to all users connecting via TLS 1.0, encouraging these users to upgrade their browser or platform in advance of discontinuing support for this protocol.

Access to payment pages via TLS 1.0 has already been disabled for years, and users attempting to connect to payment pages via TLS 1.0 are redirected to a browser upgrade page to prevent the transmission of cardholder data over an insecure protocol.


  • On April 15, 2018, we will begin disabling support for TLS 1.0 and TLS 1.1. We are including TLS 1.1 in this disablement plan, as data indicates that there is little to no access via TLS 1.1. Nearly every modern browser and platform implemented TLS 1.2 at the same time as TLS 1.1, so it's not a protocol observed in the wild with any frequency.

  • Requests over TLS 1.0 and TLS 1.1 to web service imports and exports, as well to certain non-interactive methods, are being logged and are available for an institution to review in the Standard Query Library report, "TLS 1.0 and TLS 1.1 Service Log". This report will display the 500 most recent TLS 1.0 and TLS 1.1 connections, from the past 30 days, initiated to typical service endpoints for a production database and its corresponding test environment.

  • On April 15, 2018, support for TLS 1.0 and TLS 1.1 will be disabled in all test environments. On June 1, 2018, support for TLS 1.0 and TLS 1.1 will be disabled in all production environments.


If you would like to test a connection to Slate to ensure that your client library supports connections over TLS 1.2, you may attempt a connection to https://cluster.ca-central-1.technolutions.net/tls, which, if successfully, will return "OK". If the client library does not support TLS 1.2, a connection will not be able to be established.





PCI DSS 3.1 published, requiring that TLS 1.0 be disabled on June 30, 2016


Deadline extended to June 30, 2018


Browser warning added for users accessing via TLS 1.0


Access to payment pages disabled for interactive users accessing via TLS 1.0


Notice of TLS 1.0 disablement in 2018 published

2015 through 2018

Many organizations upgrade legacy applications

2018 March 1

Fewer than 15% of organizations make connections to Slate over TLS 1.0

2018 March 5

Email notice sent to all Slate Captains

2018 April 15

TLS 1.0 and TLS 1.1 will be disabled in all test environments

2018 June 1

TLS 1.0 and TLS 1.1 will be disabled in all production environments

Was this article helpful?