Because Cloud One Workload Security is managed and operated by Trend Micro, using it in a PCI-compliant environment is simpler than using a Deep Security (on-premise) software deployment in one, which requires the customer steps described in Solution Article 1119343.
 
The configuration outlined below defines the steps that any Cloud One Workload Security customer can use to set the minimum TLS version used in their deployment to TLS 1.2.
 
 
Support for TLS 1.0 was discontinued on cloudone.trendmicro.com on June 1, 2018.
 
 
To improve the overall security posture of Cloud One Workload Security, support for TLS 1.0 will be discontinued on cloudone.trendmicro.com on June 1, 2018.
 
To avoid impact to your deployment on June 1st, when TLS 1.0 is disabled on cloudone.trendmicro.com, you must ensure that:
  1. All web administration access to Cloud One Workload Security uses a web browser that supports TLS 1.2 or later.
  2. Any REST or SOAP application that uses the HTTPS interface to Cloud One Workload Security supports TLS 1.2 or later.
  3. Any relays you have deployed yourself are using Deep Security Agent software version 10.0 Software Update 8 or later.
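One way to check requirement 2 for a Python-based REST or SOAP integration, as an added example that is not Trend Micro code: it audits a client `ssl.SSLContext` for a TLS 1.2 floor and reports the version actually negotiated. The function names are assumptions made for this sketch; the host name is the one given in the article.

```python
import socket
import ssl

COMPLIANT = {"TLSv1.2", "TLSv1.3"}  # strings returned by SSLSocket.version()

def tls12_client_context() -> ssl.SSLContext:
    """Context for REST/SOAP clients: verified certificates, TLS 1.2 floor."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # handshake fails instead of falling back
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings for a client context that could still negotiate below TLS 1.2."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2: " + ctx.minimum_version.name)
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        findings.append("certificate or hostname verification disabled")
    return findings

def negotiated_version(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Handshake with the TLS 1.2 floor and return the version the server chose."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with tls12_client_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

def is_compliant(version) -> bool:
    """True only for the protocol versions the article accepts (TLS 1.2 or later)."""
    return version in COMPLIANT

if __name__ == "__main__":
    # Constructed weak context, standing in for a legacy integration's settings.
    legacy = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    legacy.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    print("legacy findings:", audit_context(legacy))
    print("hardened findings:", audit_context(tls12_client_context()))
    try:  # needs network access
        v = negotiated_version("cloudone.trendmicro.com")
        print("negotiated", v, "compliant" if is_compliant(v) else "NOT compliant")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        print("handshake failed:", exc)
```

Setting the floor on the client side means a tampered or misconfigured path produces a failed handshake rather than a silent drop to TLS 1.0.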
 

Updated agents to prevent fallback to TLS 1.0

 
With Deep Security 10.0 Software Upgrade 11 (May 2018) or later agents, the logic that allows agents to fall back from TLS 1.2 to TLS 1.0 will be removed. This will ensure that if Deep Security 10.0 Software Update 10 or later agents are deployed, they are not at risk of man-in-the-middle downgrade attacks.
 

Deep Security 9.6 Agent Life Cycle

 
Cloud One Workload Security will continue to support Deep Security 9.6 agents (which use TLS 1.0) for backward compatibility with customers that are not using Deep Security in PCI compliant environments.