PCI SSC FAQ on impending revisions to PCI DSS, PA-DSS

Image source: Google Images

Image source: Google Images

Why does SSL need to be removed as an example of “strong cryptography” from the PCI DSS and PA-DSS? The National Institute of Standards and Technology (NIST) has identified the Secure Socket Layers (SSL) v3.0 protocol (a cryptographic protocol designed to provide secure communications over a computer network) as not being acceptable for the protection of data due to inherent weaknesses within the protocol.

Read the full article.