Is Firefox Quantum for Enterprise PCI compliant?
Trying to convince my company to move away from IE 11 and adopt Firefox Quantum for Enterprise, but I'm getting hung up on finding information related to whether Firefox Quantum for Enterprise is actually PCI compliant. Any info, especially documents, related to this would be greatly appreciated.
All Replies (2)
Based on a few minutes of web searching...
PCI-compliance now requires web servers to use at least TLS 1.1, preferably TLS 1.2, and not fall back to TLS 1.0. In other words, not to connect with browsers that cannot support higher TLS protocol levels.
Firefox has long supported TLS 1.1 and TLS 1.2, and now can support TLS 1.3. Therefore, Firefox is compatible with PCI-compliant servers. You can check your browser protocol support here:
https://www.ssllabs.com/ssltest/viewMyClient.html
Firefox also allows you to completely disable TLS 1.0 connections. However, some sites may not work in that configuration, most likely sites where you would not be doing any payment transactions, so I don't know whether that makes sense if you want to promote adoption of Firefox.
Thank you very much for your response and the information you provided. I am working to put together a presentation to submit to my management team. We use a platform called Chromatix Business Solutions (CBS) where we process CC payments and retain encrypted billing related info. CBS works through the web browser on our servers. I'm hoping the new Firefox Quantum for Enterprise Extended Support Release version will be an acceptable replacement for the old IE 11 we currently use. Apparently, everything hinges on PCI compliance compatibility and Windows Group Policy control. Again, I greatly appreciate the information. Thank you.