SSL/TLS Versions

Insecure SSL and TLS versions should be disabled in the browser. All supported Prognosis versions should function normally with them disabled, in compliance with PCI-DSS 3.2.

Versions 11.0 and later require only TLS 1.2 support on the OS.

All 10.x versions require TLS 1.1 to be enabled on the server in order to perform the 'Publish Display to Web' function, because TLS 1.2 was not available in the version of .NET with which they were built.

On request, IR Support can provide an MS Windows PowerShell script that Server Administrators can run to disable insecure protocols on the MS Windows platform, as described on the Microsoft TechNet page.

For details see: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)

Recommendations

In all environments, the following approach is recommended:

  • Disable all SSL protocols.

In high-security environments, the following approach is recommended:

  • Disable all protocols, except TLS 1.2.
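
The recommendations above map to the Schannel `Enabled` and `DisabledByDefault` registry values described on the linked Microsoft page. The following PowerShell is an added example and is not the script supplied by IR Support; the `-HighSecurity`, `-KeepTls11` and `-Apply` switches and the function names are assumptions made for illustration.

```powershell
# Added example (not the IR Support script). Run from an elevated prompt.
# Without -Apply it only reports the current Schannel state.
param(
    [switch]$HighSecurity,  # assumption: disable everything except TLS 1.2
    [switch]$KeepTls11,     # assumption: leave TLS 1.1 alone for Prognosis 10.x servers
    [switch]$Apply
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# All environments: disable every SSL version.
$disable = @('SSL 2.0', 'SSL 3.0')
if ($HighSecurity) {
    $disable += 'TLS 1.0'
    # 10.x needs TLS 1.1 for 'Publish Display to Web', so allow an opt-out.
    if (-not $KeepTls11) { $disable += 'TLS 1.1' }
}

function Set-SchannelProtocol([string]$Protocol, [bool]$Enabled) {
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $base "$Protocol\$role"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
            -Value ([int]$Enabled) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord `
            -Value ([int](-not $Enabled)) -Force | Out-Null
    }
}

function Get-SchannelProtocol([string]$Protocol) {
    $key = Join-Path $base "$Protocol\Server"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $p -or $null -eq $p.Enabled) { 'OS default (no explicit value)' }
    elseif ($p.Enabled -eq 0) { 'Disabled' }
    else { 'Enabled' }
}

if ($Apply) {
    foreach ($proto in $disable) { Set-SchannelProtocol $proto $false }
    Set-SchannelProtocol 'TLS 1.2' $true
    'Changes written. Restart the server for Schannel to pick them up.'
}

# Report the server-side state of each protocol.
foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    '{0,-8} {1}' -f $proto, (Get-SchannelProtocol $proto)
}
```

Run it once without `-Apply` to record the current state before changing anything, and use `-KeepTls11` on any server still running a 10.x version.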
