Dear Sabre customer,
As previously communicated, 30 June is the deadline for disabling SSL/early TLS and implementing TLS 1.2, a more secure encryption protocol, in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data. It is in our mutual best interest to be prepared well in advance of the deadline so there are no resulting business impacts to Sabre or our customers.
Beginning 19 June, Sabre will block traffic that uses non-compliant SSL protocols and versions of TLS protocols prior to 1.2. This action will allow both Sabre and our customers the chance to validate that systems will operate as expected before the 30 June deadline and the non-compliant protocols are permanently disabled.
Additionally, we will conduct a test run that will allow both Sabre and our customers the chance to catalog and remediate any unforeseen effects before June 19. During the test run listed below, Sabre Web Services will stop accepting non-compliant connections. Any products not upgraded to compliant versions will stop working as will any custom applications not using TLS 1.2 to connect to Sabre Web Services. Non-compliant connections will be restored at the end of the test run.
- Test Run: 10 June 2018 from 09:00 SGT to 13:00 SGT / 02:00 BST to 06:00 BST (9 June 2018 from 20:00 CDT to 00:00 CDT)
You can evaluate your PCI status and find more information on how to become PCI compliant on the IATA website.
The final change for non-compliant connections is scheduled for 19 June at 08:00 SGT / 01:00 BST (18 June at 19:00 CDT). There will be no exceptions. Please understand that your business operations will be impacted if you do not take action prior to this date (ensure desktop software can support TLS 1.2 – most notably Operating System, Web Browser, and/or Citrix desktop client).
Remember, Windows XP and Vista do not support TLS 1.2, which may make your agency vulnerable to known security risks. Any computers on Windows XP or Vista should upgrade to a newer operating system for improved security and compliance. Additionally, these operating systems are no longer supported by Microsoft and Sabre – further increasing their vulnerability.
We will continue to send you reminders periodically prior to the deadline. However, we strongly encourage you to upgrade now and thus avoid last-minute hassles.
If you have already upgraded to TLS 1.2, let us know so we can remove you from future reminders.
Please contact your Account Director or Sabre Technical Support Team with any questions.
Your Sabre team