Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1327
Views
0
Helpful
2
Replies

TLS 1.2 on Admin console

Go to solution
jrolfe
Level 1
Level 1

‎07-12-2018 06:42 AM

Just received the email about the duo admin console not supporting browsers using cipher versions older than TLS 1.2. I appreciate the notice and transparency, but I gotta say I’m disappointed, Duo. The PCI SSC announced this requirement over a year and a half ago, and the deadline (which was already extended a year) for implementation was June 30, 2018. A security company I use and trust is just now implementing this on July 26, 2018 (being out of compliance for almost a month)? Those of us who take PCI seriously know how much effort and preparation may have been required for this, and the LONG time the council gave us to implement it. Don’t get me wrong, we absolutely love Duo and I will whole-heartedly recommend it over your competitors, but just some feedback that we’re disappointed in your lack of preparation and commitment to PCI. When your job is to help me be compliant (primarily section 8.3) and you yourself aren’t (section 4.1), it’s not sending a good message.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mkorovesisduo
Level 4
Level 4

‎07-12-2018 12:28 PM

Hi jrolfe,

Thanks for reaching out with this feedback and your concerns about PCI compliance. We apologize for our delay in moving the Admin Panel to requiring TLS 1.2.

We evaluate all of our security configurations, including TLS, on an ongoing basis and make changes when emerging technologies that help protect our customers become available. We also deprecate legacy technology when warranted due to potentially increased risk to our customers. While our move to TLS 1.2 for the Admin Panel did not occur in a completely satisfactory timeframe, we have no reason to suspect that it put customers at any risk.

We welcome any further feedback you have on this (and any feedback on future items, as well).

View solution in original post

0 Helpful
2 Replies 2

Go to solution
mkorovesisduo
Level 4
Level 4

‎07-12-2018 12:28 PM

Hi jrolfe,

Thanks for reaching out with this feedback and your concerns about PCI compliance. We apologize for our delay in moving the Admin Panel to requiring TLS 1.2.

We evaluate all of our security configurations, including TLS, on an ongoing basis and make changes when emerging technologies that help protect our customers become available. We also deprecate legacy technology when warranted due to potentially increased risk to our customers. While our move to TLS 1.2 for the Admin Panel did not occur in a completely satisfactory timeframe, we have no reason to suspect that it put customers at any risk.

We welcome any further feedback you have on this (and any feedback on future items, as well).

0 Helpful

Go to solution
jrolfe
Level 1
Level 1
In response to mkorovesisduo

‎07-12-2018 06:11 PM

Appreciate the response. As I said, I’m a big fan of Duo, both the company and the products, and despite this rare instance of criticism I always readily endorse it when given the chance. I appreciate your transparency and commitment to customer satisfaction.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents