Starting in 2024, SHR Group will being limiting TLS connections to and from our infrastructure to TLS 1.2 and TLS 1.3 with known secure cipher suites. This will help ensure compliance with PCI-DSS version 4.0 and safeguard your guest payment and personal data. The table below shows which versions and cipher suites are supported, and which are End of Life (EOL).
In order to support these changes, it may be necessary for the customer to upgrade existing software and equipment. If upgrades are not possible it may be acceptable to install a proxy server inside the customer Cardholder Data Environment (CDE) to provide a secure gateway for communication. The customer should consult their PCI auditor for approval.
End of Life Cipher Suites will no longer be accepted beginning July 1, 2024.
Version | Cipher Suite | Supported |
|---|---|---|
TLS 1.3 | TLS_AES_128_GCM_SHA256 ( | Yes |
TLS 1.3 | TLS_AES_256_GCM_SHA384 ( | Yes |
TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ( | Yes |
TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ( | Yes |
TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ( | Yes |
TLS 1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ( | Yes |
TLS 1.2 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ( | Yes |
TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ( | Yes |
TLS 1.2 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ( | Yes |
TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ( | EOL |
TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ( | EOL |
TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ( | EOL |
TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ( | EOL |
TLS 1.2 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ( | EOL |
TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ( | EOL |
TLS 1.2 | TLS_RSA_WITH_AES_128_GCM_SHA256 ( | EOL |
TLS 1.2 | TLS_RSA_WITH_AES_256_GCM_SHA384 ( | EOL |
TLS 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256 ( | EOL |
TLS 1.2 | TLS_RSA_WITH_AES_256_CBC_SHA256 ( | EOL |
TLS 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA ( | EOL |
TLS 1.2 | TLS_RSA_WITH_AES_256_CBC_SHA ( | EOL |