Council Surveys QSAs on SSL

Thursday, February 19, 2015

PCI Guru


This message popped into my inbox late yesterday.


The survey in question contains the following questions.


All of my clients have gotten rid of SSL on their public-facing Web sites.

The dilemma we have is that while SSL is dead, it is baked into so many products and appliances. My clients are therefore stuck with appliances and software products that have SSL hard-coded into them. As a result, they will be dependent on their vendors to convert to TLS.

That said, what is the risk of using SSL internally?  Not a good practice, but truthfully, what is the risk?

In my opinion, using SSL internally for the next 12 to 24 months would not be the end of the world as long as it does not become a significant attack vector.

It will be interesting to hear the results of this survey.

This was cross-posted from the PCI Guru blog. 
