Updated blog post released on 3/14/16: Update on TLS Support and PCI Timelines.
At Braintree, we're always staying on top of the latest changes within the payments industry, including PCI. That is what lead us to recently introduce Hosted Fields -- a solution for the new PCI 3.0 standards that doesn’t compromise the look and feel of a merchant’s checkout experience.
These updates for version 3.0 were just the beginning. Recently the PCI council released the PCI DSS 3.1. The main change in 3.1 was the deprecation of SSL 3.0 and TLS 1.0 as secure protocols. These two protocols are most commonly represented by the "S" in HTTPS connections. Last year, Braintree ended support for SSL 3.0 following the announcement of the POODLE vulnerability. With the updated requirements in the PCI DSS 3.1, Braintree will also end support for TLS 1.0 on June 30th, 2016. Both TLS 1.1 and TLS 1.2 will continue to be supported. This means any API requests or Control Panel sessions will need to use either TLS 1.1 or TLS 1.2.
As a merchant, this may involve updating your servers or programming language environment. It may also include updating the browser you use to access the Control Panel. We will be reaching out to merchants who we detect are still using TLS 1.0 to connect to Braintree services in order to remind you about the upgrade. You can also reach us at support@braintreepayments.com or 877.434.2894 for any questions you may have.
Keep an eye on this blog where we’ll be providing updates as they become available.