Our company is required to be PCI compliant. Our Avaya phone system running IP office 9.1 is running TLS version 1.0 for some reason. This protocol isn't secure by PCI SSC and NIST. We are scanned on a monthly basis and continue to fail because of the phone system using TLS 1.0. Can TLS 1.0 be turned off on phone system? There are new versions (1.1 and 1.2) that exist but not sure why the phone system isn't using them or if the TLS 1.0 is required for the phone system to work properly.
