PCI compliance failing due to use of TLS v1.0

Hello Ashley,

It is currently in beta so we don’t have an official release date at this time, but I would anticipate that it should be GA by the end of next month.

1 Like

OK - great - many thanks

Ashley

1 Like

Hi Ashley,

May I ask where you use TLS v1.0 and where it is failing to comply with PCI?

1 Like

I believe that SpeedFusion supports TLS v1.0 although I guess it probably uses v1.2 by default. It is being flagged as non-compliant because it could potentially use v1.0 as I understand it.

Ashley

1 Like

> We will provide an option in v6.2.1 GA to allow the user to enforce TLS v1.2. I believe this can meet your requirement.

Did this feature make it into v6.2.1? If so, could you please let me know where I can set it?

Thanks

Ashley

1 Like

Hi Ashley,

Please find the setting in the screenshot below (Network > SpeedFusion).


2 Likes

Many thanks - using the new setting worked fine and allowed me to pass my PCI compliance vulnerability scan.

Unfortunately however it appears that the new setting means that my Surf-On-The-Go devices can no longer connect via PepVPN even when I upgraded to the latest OTG firmware (1.0.26 build 1260).

Is it possible that the OTG firmware needs to be modified too?

Regards

Ashley

1 Like

Hi Ashley,

The default setting for Backward Compatibility is always recommended. I will feed this back to the engineering team to look into the problem ASAP and then revert.

If this is urgent, I suggest using High (firmware 5.3+) for the time being.

Thank you.

2 Likes

Hi Ashley,

Please upgrade SOTG to this firmware - http://download.pepwave.com/firmware/sotg/fw_010027_build_1261.bin. It is working with TLS v1.2.

2 Likes

Hi

The new firmware for the SOTG works fine - many thanks for the excellent customer service.

Ashley

1 Like

UPDATE: Peplink is fully capable of meeting the requirements for PCI DSS 3.0 compliant networks. Click here for full details.

2 Likes

I am having the same issue with the Trustwave Scans.

This vulnerability is not recognized in the National Vulnerability
Database. TLS v1.0 violates PCI DSS and is considered an automatic
failing condition.

Has there been a fix made available?

1 Like

Hi,

We do support TLS v1.2. Please upgrade your Balance router to the latest firmware version.

2 Likes

Thanks… I installed the new firmware and it looks like that has resolved the problem… I appreciate the quick reply.

1 Like

I am having the same issue with firmware version 6.3.1. I don't see a setting for backward compatibility in the SpeedFusion settings. Please help.
Thanks.

1 Like

Hi there. I am in the process of attaining approval to use the PepWave 700 Max within my organization and require documented evidence that this device incorporated TLS 1.2. The only resource I can find is Release notes for Firmware 6.3.2, 6.3 Beta and 6.2, with none mentioning the TLS 1.2 update. The device’s user manual also does not include any reference and states it is for V6.1.2.
Any chance you can provide a link to a document that outlines incorporation of TLS 1.2 in the PepWave 700 Max device, and not a forum link, as this won’t cut the mustard regarding the approval process? Thanks in advance.

1 Like

Hi,

You can refer to the latest release note for firmware 6.3.2. It has been updated.

Thank You

2 Likes

Thanks mate, that's what I was after.

1 Like

Hi Team, is there anything in the works for Peplink becoming 3.2 PCI Compliant? If so, can you by chance provide a letter of compliance for that?

Thank you in advance,
Jon Grote

2 Likes

We have the same issue here with our Balance One on firmware 7.0.2 build 3155, but when I check port 32015 over TLS1.0 it shows that it is working. It is also working with TLS1.1 and 2, so I’m wondering how I can prevent the device from responding on TLS1.0, as this is preventing us from being PCI compliant!!!

Please help

1 Like
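
The per-version check described in the last post can be repeated before and after changing the SpeedFusion setting or upgrading firmware. The following is an added example, not code from the thread or from Peplink; the target address is a placeholder, the function names are hypothetical, and only port 32015 comes from the thread. It pins one handshake to each protocol version and reports separately when the local OpenSSL cannot offer a legacy version, so that a client-side limitation is not read as the device refusing TLS v1.0.

```python
import contextlib
import socket
import ssl
import warnings

VERSIONS = {"TLSv1.0": ssl.TLSVersion.TLSv1,
            "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}
LEGACY = ("TLSv1.0", "TLSv1.1")  # versions below TLS 1.2, as flagged by the scans


def probe(host, port, version, timeout=5.0):
    """True: handshake pinned to `version` completed. False: refused.
    None: the local OpenSSL could not offer that version (result unknown)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # only the protocol version is under test,
    ctx.verify_mode = ssl.CERT_NONE   # not the certificate
    with contextlib.suppress(ssl.SSLError):
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # newer OpenSSL blocks TLS 1.0/1.1 otherwise
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version
            ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return tls.version() is not None
    except ssl.SSLError as exc:  # nothing offered locally says nothing about the server
        return None if "NO_PROTOCOLS_AVAILABLE" in str(exc) else False
    except OSError:
        return False


def scan(host, port):
    return {name: probe(host, port, v) for name, v in VERSIONS.items()}


def legacy_findings(results):
    """Return (legacy versions accepted, legacy versions left untested)."""
    return ([n for n in LEGACY if results.get(n) is True],
            [n for n in LEGACY if results.get(n) is None])


if __name__ == "__main__":
    # Placeholder address; 32015 is the port named in the thread.
    print(legacy_findings(scan("192.0.2.10", 32015)))
```

An empty first list together with an empty second list is the result to look for; a non-empty second list means the check has to be rerun from a host whose OpenSSL still permits the legacy versions.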