With that being said, the PCI DSS migration date of 30 June 2018 applies to all environments (except for Point of Interaction (POI) environments as stated above). A: Migrate to a minimum of TLS 1.1, preferably TLS 1.2.
For example, disable support for weak “Export-Grade” cryptography, which was the source of the recent Logjam vulnerability.
Below are answers to questions about new timelines, requirements and reasons for the adjustments.
Thank you to all who have provided feedback on the issue, including members of the National Institute of Standards & Technology (NIST), members of the Financial Services Information Sharing Analysis Center (FS-ISAC), Retail Solution Providers Association, Hotel Technology Next Generation, National Restaurant Association and Retail Industry Leaders Association.
If a device does not need to support SSL/early TLS, disable both use of and fallback to these versions.
Q: My ASV scan is flagging the presence of SSL and my scan is failing. A: Entities that have not completed their migration should provide the ASV with documented confirmation that they have implemented a Risk Mitigation and Migration Plan and are working to complete their migration by the required date.