PCI Security Standards Council has published a new version of its data security standard. The new guidance removes SSL, and early versions of Transport Layer Security, as examples of strong cryptography. It calls for use of a current, secure version of the Secure Sockets Layer encryption protocol. As a result, SSL and early TLS can no longer be used as security controls to protect payment data after June 30, 2016. An attacker could read encrypted Internet communications as well as steal session cookies and impersonate users.”]
Source: https://www.bankinfosecurity.com/pci-dss-updated-to-address-ssl-risk-a-8107