Pci compliance fail


#1

I am having the same issue as the thread below. PCI compliant failure due to the use of TLS v1.0 on port 32015
https://forum.peplink.com/threads/4865-PCI-compliance-failing-due-to-use-of-TLS-v1-0/

I am on firmware 6.3.1, Balance 310. I do not see a setting in Speedfusion for backward compatibility as indicated in the thread. Please let me know if there is a way to enfore TLS v1.2.

Thanks


#2

Please click on this URL link to look for the TLS v1.2 setting - https://forum.peplink.com/threads/4865-PCI-compliance-failing-due-to-use-of-TLS-v1-0?p=20163&viewfull=1#post20163


#3

There is no setting for backward compatibility. Heres a screenshot.



#4

Please click on the “?” at the “PepVPN Settings” bar, then it will pop up the small window for the said features.

Thanks and regards.


#5

Nevermind… i found it. you have to click on “?” for that setting.

Thanks


#6

I’m failing PCI scan and need to disable TLS v1.0 and when I go to the option for compatibility, its greyed out. If I disable the PepVPN I can make the change.


But as soon as I re-enable the VPN from InControl, the option is turned back off.

How do I disable TLS 1.0?

This is a Balance One (7.0.0 build 2742) to Balance 380 (6.3.3 build 3560).


#7

@dynamite_scott

We will allow configuring the PepVPN “Backward Compatibility” setting using IC2 for next coming update. Please stay tuned.


#8

Any update on this? Otherwise we need to disable IC2.


#9

We still work on this. You may disable to SpeedFusion management for the time being.


#10

Hi Scott,

Sorry, we should have redirected you to this thread.
The ability to disable TLS backward compatibility mode went live in production on March 6th.

Regards,
-James


#11

Thanks, I have updated all our systems and will see what happens on the next round of PCI scans.