Your browser does not support the most current secure communications protocol. The World Aquaculture Society is committed to the security of your private information. In order to accept credit card data on this site we are recquired to be in compliance with Payment Card Industry (PCI) standards. Current PCI standards will not allow us to accept traffic from browsers that do not support TLS 1.2 after June 30, 2018. We are alerting you to the important need to update your browser. Changes to our web server made on or before June 30, 2018 will make was.org unavailable with the browser you are currently using. [More..]

PCI 3.1 Compliance to Impact WAS.org Users

“SSL has been removed as an example of strong cryptography in the PCI DSS, and can no longer be used as a security control after June 30, 2018.” – PCI Security Standards Council

The newest revision of the PCI Security Standards Council policy, PCI-DSS 3.1, establishes a new baseline for strong cryptography, specifically TLS (formerly SSL), required to secure payment card related traffic – TLS 1.2.

This change must be adopted by sites which handle payment card data no later than 30 June 2018.  According to the PCI Council FAQ: "The successor protocol to SSL is TLS (Transport Layer Security) and its most current version as of this publication is TLS 1.2," according to the FAQ. "TLS 1.2 currently meets the PCI SSC definition of “strong cryptography”.    While PCI is specific to payment card information, the PCI guidelines also are used by sites in general for security guidance.

No version of SSL (SSL 3.0 and earlier) is considered "strong cryptography" for the purposes of protecting customer data, but The World Aquaculture Society (WAS) has not supported SSL 3.0 since October 2014, due to the POODLE vulnerability.  For WAS customers, the primary impact of PCI 3.1 is that TLS 1.0 and TLS 1.1 are also insufficient to secure payment card related traffic.

The PCI DSS v3.1 requirements directly affected are:

  • Requirement 2.2.3 Implement additional security features for any required services, protocols, or daemons considered insecure.
  • Requirement 2.3 Encrypt all non-console administrative access using strong cryptography.
  • Requirement 4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.

Both TLS 1.0 and TLS 1.1 have known weaknesses which make them less than ideal for protecting information, although substantially stronger than SSL 3.0.  TLS 1.0/TLS 1.1 are widely used today, protecting a substantial fraction of encrypted web traffic. WAS is committed to the encrypted web while also ensuring sites are accessible to the greatest number of web browsers possible, so we intend to balance these concerns.

As a result of the PCI 3.1 changes, WAS has implemented a transition plan to migrate traffic toward TLS 1.2 in advance of the PCI Council requirements.

1) We are monitoring browsers and traffic to track the percentage of TLS 1.0+1.1 traffic relative to the total volume of encrypted traffic.  In October 2014, this traffic was approximately 30% of all encrypted traffic on WAS's servers. As recently as September 2015 nearly 10% of the traffic on the was.org originated from Windows XP which is not capable of running a browser that supports TLS 1.2

2) We are now alerting users of insecure browsers and operating systems of the need to upgrade as soon as possible.  Changes we will be implementing prior to the June 30, 2018 deadline will make was.org completely inaccessible to browsers that do not support TLS 1.2.

We expect the majority of encrypted web traffic will upgrade to TLS 1.2 before the 30 June 2018 deadline for PCI.  We believe the level of adoption of TLS 1.2 will rapidly increase based on the new PCI guidance, and if this happens, it will be feasible for an increasing number of sites to go "TLS 1.2-only" as the 30 June 2018 deadline approaches.   If the level of TLS 1.2 browser adoption is insufficient to allow customers to switch entirely to TLS 1.2-only by the deadline, we are exploring alternatives.  We will release more information on TLS 1.2 adoption as well as any updates to the encryption options available to WAS customers on an ongoing basis.

  • Home Office
    Carol Mendoza, Home Office Director
    World Aquaculture Society
    143 J. M. Parker Coliseum
    Louisiana State University
    Baton Rouge, LA 70803 (USA)
    Phone: +1-225-578-3137
    FAX: +1-225-578-3493
    Email: Carol Mendoza
  • Conference Management:
    John Cooksey
    P.O. Box 2302
    Valley Center, CA 92082 USA
    Phone: +1 760 751-5005
    FAX: +1 760 751-5003
    Email: John Cooksey
  • Trade Show and Sponsors
    Mario Stael
    Email: Mario Stael
  • Web Site:
    WAS Web Editor
    Email: Web Editor
Copyright © 2001-2017 World Aquaculture Society All Rights Reserved.