Frequently Asked Question

Does PCI DSS define which versions of TLS must be used?

No. However, PCI DSS does not consider SSL or early TLS to be strong cryptography.

The term "early TLS" does not refer to a specific version(s) of the protocol, but rather it refers to any version of TLS that is vulnerable to a known exploit. This includes, at a minimum, TLS versions 1.0 and 1.1. All versions of SSL also do not meet the PCI DSS definition of strong cryptography.

The term “early TLS” is intended to help entities identify and prioritize mitigation efforts for TLS implementations known to be inherently vulnerable. Entities should have processes to monitor threats as they continue to evolve and as new versions of the protocol are released to address those threats, and to keep the entity's cryptographic implementations up to date to prevent them becoming vulnerable to known exploits.

Cryptographic implementations, including TLS, must use and support modern cryptographic algorithms, secure configuration settings, and other features as needed to meet the intent of strong cryptography. This means that every TLS implementation, irrespective of the protocol version, must apply strong cryptography using an appropriate cipher suite to implement a secure key exchange algorithm, strong cryptography, and an appropriate message authentication for strong cryptography and security protocols.

It is expected that systems conducting negotiation of TLS protocols use the strongest cipher suites first, with subsequent negotiation to mutually supported cipher suites only if needed, but always within the bounds of the minimum standard of strong cryptography and security protocols. TLS connections must not use symmetric ciphers that provide a block size less than 128 bits (such as TDEA). It is considered best practice to implement TLS versions and cipher suites that support forward secrecy and the implementation of ciphers utilizing post-quantum cryptography (for key exchange and end-point authentication).

Entities using TLS should review their implementations against industry references (such as the current version of NIST SP 800-52) for guidance on configuration options that meet the intent of strong cryptography. Note that, while industry guidelines such as NIST SP 800-52 may provide additional insight into specific configurations and implementations and provide the rationale for implementing particular controls, PCI DSS does not mandate the use of external standards or guidance in meeting strong cryptography. In addition to monitoring specific threats to cryptographic implementations, entities should monitor changes in industry best practices and standards, and where applicable, entities should apply modifications to minimum cryptographic standards used within their environments to ensure that sensitive information such as account data and authentication credentials remain secured.

For the PCI DSS definition of "strong cryptography," refer to the PCI DSS Glossary of Terms, Abbreviations, and Acronyms in PCI DSS v4.x Appendix G, available in PCI SSC's Document Library, under the PCI DSS drop-down menu.

July 2026
Article Number: 1491

Featured FAQ Articles