We have a client who is failing their PCI certification compliance due to a Trustwave scan on their network. The offending thing is that port 5003 forwards to their FMS, which uses TLSv1.0, and they say it has to be up to TLSv1.2.
The silly thing is that their FileMaker solution does absolutely nothing with credit cards. They don't process or store any CC info internally. They process CCs using an external web service. But even though they don't store any CC info internally, they have to show that their network is secure and this is the part that is failing.
As far as I know, there is no way for us to control the version of TLS that FMS is using, correct?
The only solution I can think of is to turn off port 5003 and instead set up a VPN.
I guess there is also a process for requesting an exception because TLSv1.0 isn't officially deprecated until June 2016. We may have them explore that, and hope that FileMaker updates the TLS version for the next version of FMS.
Has anyone else out there run into this?
Thanks for any pointers!