2

It won't be easy) As you know there are new PCI DSS requirements after 30 June which say we shouldn't use "SSL/early TLS".

But also there is the comments that merchants could save TLS 1.0 but with compensating controls:

"For merchants using SSL/early TLS other than as allowed for POS POI terminal connections:

1) If SSL/early TLS is being used as a security control for PCI DSS after the 30 June deadline, ensure compensating controls are implemented to mitigate the risk associated with its use and take the necessary steps to migrate to a secure alternative as soon as possible.
2) If SSL/early TLS is present but not being used as a security control to meet a PCI DSS requirement, these protocols may remain in use. However, it is strongly recommended that they be migrated to a more modern encryption protocol as soon as possible."

My company has an ecommerce business and wants to save TLS 1.0 for some clients. The key question - what's the compensating controls for this case? I'm talking about usual web access from public Internet.

PS I just checked - even world ecommerce giants like Ebay and Amazon still support TLS1.0 for clients. Is it because of compensating controls?

mlp
  • 546
  • 4
  • 8
Vlad
  • 21
  • 3
  • 1
    Welcome to the site @Vlad, unfortunately this cannot be answered as there's not enough detail. Compensating controls are dependent on what technology is being used, where it's being used and how it's being used. What is communicating to what in this case? – GdD Jul 25 '18 at 11:50
  • The main weaknesses in TLS 1.0 is POODLE attack which exploit as MITM. As far as I know there is no any compensation controls for this case. – Vlad Jul 25 '18 at 11:58
  • Some examples would be: Application whitelisting, layer 7 firewall, vpn tunnels, and verification of no PAN transmission (server might be cat 3, but tls 1.0 connection can be confirmed to never pass CC info). There are more, but as mentioned it will be specific to your environment. Bad news, 1.1 will shortly be disallowed also. – bashCypher Jul 25 '18 at 16:53
  • Have you considered that Ebay and Amazon are simply just good at auditor shopping? Audits are only as good as the auditor. In any audit done by for-profit companies, there's an inherent conflict of interest. This is exactly what happened during the financial crisis of 2008 where worthless tranches of home loans were given AAA bond ratings by for profit ratings agencies paid by the people selling the bonds. In other words, Don't like what your auditor said? Find another one that'll give you the answer you want. – Steve Sether Jul 25 '18 at 21:56
  • [Amazon doesn't even require CVV2/etc](https://security.stackexchange.com/questions/21168/how-does-amazon-bill-me-without-the-cvc-cvv-cvv2) so clearly security measures that might even slightly reduce purchase are not their priority. @Vlad: POODLE is only SSL3 and a handful of stupid TLS1.0 implementations that ignored the spec. _BEAST_ is SSL3 and TLS1.0. – dave_thompson_085 Jul 26 '18 at 02:25
  • @Steve Sether I'm not sure. I checked a lot of other online stores. All of them sill support tls1.0 – Vlad Jul 26 '18 at 09:53

2 Answers2

2

I don't think there is fixed set of compensating controls you can use in all cases. The idea of a compensating control is that you reduce the risk somehow which you have increased by staying with TLS 1.0. I don't think it is meant to be something which magically makes TLS 1.0 safer again. Which kind of compensating controls are needed and are possible depend on your specific use case, i.e. how much the risk is increased from clients using TLS 1.0 and how you can reduce it again.

Compensating controls to reduce the risk might be for example to limit the amount of money which can be transferred by the less secure clients within a specific time or for a single API key, to add some insurance in case something goes wrong, to make the TLS 1.0 interface only accessible from a few selected IP addresses etc. Of course a compensating control could also be to add an additional encryption layer. Only, most clients which are unable to move to TLS 1.2 because they depend on some old software stack are probably not flexible enough to add some additional encryption as mitigation either.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Hi Steffen! I was wondered that even world ecommerce giants like Ebay and Amazon still support TLS1.0 for clients. I guess it's due to compensating controls. What you think? – Vlad Jul 25 '18 at 12:06
  • @Vlad: I'm not sure what kind of additional answer you expect apart from what I've already wrote. Maybe you imagine compensating controls to be something which makes TLS 1.0 magically safer again but I don't think it is meant like this. – Steffen Ullrich Jul 25 '18 at 12:12
1

What [are] the compensating controls for this case?

Possibly none. Earlier in the article you reference is this following (emphasis mine):

After this date, SSL and Early TLS may no longer be used as a security control for PCI DSS, except by POS POI terminals that are verified as not being susceptible to known exploits and the termination points to which they connect,

Which seems fairly unequivocal: you cannot use "Early TLS" unless you can verify that the terminals and terminations points are safe from the exploits for which TLS 1.0 has been deprecated. I don't know enough about the finer details of POODLE (nor other known attack vectors) to know what constitutes making terminals/termination-points "safe" ... if you don't know (and can't verify your solution is "safe"), then the answer – going by the above – must be "you cannot use early TLS".

You should probably also note that later in that article it says (again, emphasis mine):

Merchants should be aware that new POS POI terminal implementations must not use SSL/early TLS. Additionally, if new exploits are introduced that affect POI terminals and that cannot be addressed by a patch or compensating controls, the POI terminals will need to be updated immediately.

So (as I read it) your opportunities to "save TLS 1.0 for some clients" are also limited:

  • You cannot use TLS 1.0 for new clients – you can only continue using it for existing clients (and then only if the system's safety has been verified).

  • You must stop using it immediately if new vulnerabilities become known (that you can't prove your system is safe from).

As to "world ecommerce giants like Ebay and Amazon still support TLS1.0 for clients", I can only offer:

  • That article appears to be focused on POS/POI terminals. eBay/Amazon don't use POS/POI terminals so at first glance aren't necessarily subject to the same restrictions. (But the wider rules – or different PCI rules – may apply to their situation).

  • Which part of the connection did you test for "support TLS 1.0"? It's conceivable (but I've no idea if it is the case) that their general website still supports TLS 1.0 but "completing a payment" is over a more secure layer.

TripeHound
  • 1,151
  • 8
  • 11
  • No, the 'new' requirement (actually first published in 2015) is for connections _other than (some) POI_ -- but what they're really after is websites and browsers, which have much larger attack surfaces than POI devices and services. – dave_thompson_085 Jul 26 '18 at 02:34
  • Actually my concern was about non-POS POI connections. We are just usual online store with small part users on android 2.x; 4.x IE8 – Vlad Jul 26 '18 at 09:42
  • Hi TripeHound just create duble-check the same ciphersoiuts in bin and title page. – Vlad Jul 26 '18 at 09:49