TLS Support
The version of TLS you must implement depends on ESM/Logger peering, FIPS or non-FIPS implementation, or use of standalone ESM configurations.
Note that:
- For compliance with the Payment Card Industry Data Security Standard (PCI DSS) 3.2, use TLS 1.2. This requires ESM peers to also be running ESM 6.11.0 or later, and Logger peers to be running Logger 6.4 or later.
- If you are running a standalone ESM implementation (no peering with other Managers or Logger), use TLS 1.2 for FIPS or non-FIPS configurations.
- For ESM releases prior to ESM 6.11.0 and ESM 7.0.0.1, instances of ESM/Logger that are peering must use TLS 1.0 or TLS 1.1. Note that use of TLS 1.0 means these systems are not PCI DSS 3.2 compliant.
- For ESM releases prior to ESM 6.11.0 and ESM 7.0.0.1, instances of ESM/Logger that are standalone (non-peering) must use TLS 1.1.
- As of ESM 6.11.0, TLS 1.0, 1.1, and 1.2 are all supported for ESM in FIPS and default (non-FIPS) modes. The SSL protocols are no longer supported.
Also, the following matrix clarifies TLS support for ESM 7.0.0.1 systems that are peering with ESM or Logger:
| Version | Non-FIPS | FIPS |
|---|---|---|
| ESM 7.3 | TLS 1.2 | TLS 1.2 |
| ESM 6.11.0 to ESM 7.2.1 | TLS 1.0*, TLS 1.1, TLS 1.2 | TLS 1.0*, TLS 1.1, TLS 1.2 |
| ESM releases prior to ESM 6.11.0 | TLS 1.0*, TLS 1.1 | TLS 1.0*, TLS 1.1 |
| Logger 6.4 | TLS 1.2 | TLS 1.2 |
| Logger releases prior to Logger 6.4 | TLS 1.0*, TLS 1.1, TLS 1.2 | TLS 1.0*, TLS 1.1 |
| *Note that the use of TLS 1.0 does not comply with PCI DSS 3.2. | | |
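
The matrix above can be turned into a pre-upgrade check that shows which peer pairs share no TLS version at all and which can still fall back to TLS 1.0. This is an added example, not code from the product; the function names and the tuple format are assumptions, and releases the matrix does not list are rejected rather than guessed.

```python
import re

ALL3 = ("TLS 1.0", "TLS 1.1", "TLS 1.2")

def _ver(text):
    """'6.11.0' -> (6, 11): numeric parts, trailing zeros dropped."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def supported(product, version, fips=False):
    """TLS versions the matrix on this page lists for one peer."""
    v = _ver(version)
    if v and product == "ESM":
        if v == (7, 3):
            return {"TLS 1.2"}
        if (6, 11) <= v <= (7, 2, 1):
            return set(ALL3)
        if v < (6, 11):
            return {"TLS 1.0", "TLS 1.1"}
    elif v and product == "Logger":
        if v == (6, 4):
            return {"TLS 1.2"}
        if v < (6, 4):
            # The only row where FIPS and non-FIPS differ
            return {"TLS 1.0", "TLS 1.1"} if fips else set(ALL3)
    raise ValueError(f"{product} {version!r} is not covered by the matrix")

def peering(a, b):
    """a, b: (product, version, fips) tuples. Returns a planning verdict."""
    common = supported(*a) & supported(*b)
    return {
        "common": sorted(common),
        "can_peer": bool(common),            # empty set: no shared protocol
        "tls12_available": "TLS 1.2" in common,
        # Page: use of TLS 1.0 does not comply with PCI DSS 3.2
        "tls10_offered": "TLS 1.0" in common,
    }

if __name__ == "__main__":
    # Constructed sample pairs, not taken from a real deployment
    pairs = [(("ESM", "7.3", False), ("Logger", "6.4", False)),
             (("ESM", "7.3", False), ("ESM", "6.10.0", False)),
             (("ESM", "7.0.0.1", True), ("Logger", "6.3", True))]
    for a, b in pairs:
        print(a[:2], "<->", b[:2], peering(a, b))
```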