We received an email yesterday from Authorize.Net informing us of the phasing out of TLS1.0/1.1 in order to meet the requirements of the new PCI DSS regulations. I poked through our store and some documentation but I was unable to locate what version of TLS our site is using. From what I can tell, it doesn't look like we have the Authorize.Net plugin installed. The only area I see a reference to Authorize.Net is Configuration > Payment > Payment Methods. From there I select Payments.AuthorizeNet.
Can someone enlighten me as to what TLS version we may be using?
Does anyone know how to completely disable TLS1.0 and/or other unwanted protocols?
A site I'm currently working on is nop3.9, has the code line referenced above that sets it to TLS12, but is still getting dinged in PCI testing for having TLS1.0 enabled. When I scan the site myself with www.ssllabs.com/ssltest, the report shows that TLS 1.0, 1.1, and 1.2 are enabled.
Disabling TLS is done on the server -- not by the application. You will need to contact the hosting service and ask them to disable TLS 1.0. You might as well ask them to disable DES and 3DES while they are at it.
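As an added example (not from any poster and not nopCommerce code), the Python script below checks from the outside which protocol versions a server endpoint accepts, the same question the SSL Labs scan answers, so the result can be compared before and after the host changes the server configuration. The function names are made up for this example, and a `False` result also covers a handshake that timed out.

```python
import socket
import ssl
import warnings

VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
    "TLS 1.3": ssl.TLSVersion.TLSv1_3,
}
DEPRECATED = ("TLS 1.0", "TLS 1.1")  # the versions being phased out in the thread


def pinned_context(version):
    """Client context able to negotiate exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # we are testing protocol support, not identity
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Many OpenSSL builds refuse TLS 1.0/1.1 locally; relax that so a failed
        # handshake reflects the server. Probe use only, never application traffic.
        ctx.set_ciphers("ALL:@SECLEVEL=0")
    except ssl.SSLError:
        pass
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    return ctx


def probe(host, port=443, timeout=5.0):
    """Return {name: True accepted | False refused | None not testable here}."""
    results = {}
    for name, version in VERSIONS.items():
        try:
            ctx = pinned_context(version)
        except ValueError:  # version compiled out of the local OpenSSL
            results[name] = None
            continue
        with socket.create_connection((host, port), timeout=timeout) as raw:
            try:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[name] = tls.version() is not None
            except (ssl.SSLError, OSError):  # alert, reset, EOF or timeout
                results[name] = False
    return results


def deprecated_enabled(results):
    """Deprecated versions the server still accepted."""
    return [name for name in DEPRECATED if results.get(name)]
```

Call `deprecated_enabled(probe("shop.example.com"))` with your own host name in place of the placeholder. An empty list means neither TLS 1.0 nor TLS 1.1 was accepted, provided no entry in the probe result is `None`.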