Forum Discussion
The default cipher suite in 11.5.3 is already sufficient to comply with current PCI DSS 3.0 requirements. Leaving the paranoid security-guru suggestions aside, there's nothing wrong with using the DEFAULT of 11.5.3 today.
Config related:
Your only sensible option for applying a new global configuration is to create a new clientside SSL profile (i.e. clientssl_custom) which you will then re-use as the Parent Profile when creating your custom clientssl profiles.
- Steve_Sander_31 | Mar 30, 2017 | Nimbostratus
EAV
- Chase_Abbott | Mar 31, 2017 | Employee
And: https://devcentral.f5.com/articles/security-sidebar-improving-your-ssl-labs-test-grade
But related for newer versions.
- Hannes_Rapp | Apr 02, 2017 | Nimbostratus
Updated answer. Enforcement date for 3.1 was postponed (now June 2018)
- JG | Apr 03, 2017 | Cumulonimbus
From https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard :
3.1 was released in April 2015, and has been retired since October 31 2016.
From https://www.pcicomplianceguide.org/whats-new-in-pci-dss-3-2/ :
February 2018: All new requirements within PCI DSS 3.2 will become effective. (Prior to that they will be considered “best practices.”)