The Council's Assessor Newsletter, which is distributed by the Payment Card Industry council responsible for the PCI security standard, contained an interesting paragraph that is causing concern among businesses that have to comply with PCI for online transactions.
The paragraph affects version 3.1 of the standard. Currently, version 3.0 of the standard is in effect, and typically these point releases clarify and update the standard, but don't include completely new requirements. In short, the newsletter states that
"no version of SSL meets PCI SSC's definition of strong cryptography"
Wow. Is this the end of e-commerce as we know it? I thought SSL is (was?) THE standard to protect data on the wire. Yes, it had issues, but a well-configured SSL-capable web server should be able to protect data as valuable as a credit card number adequately. So what does it mean?
Not quite. You can (and should!) do https without SSL. Remember TLS? That's right: SSL is out. TLS is in. Many developers and system administrators use SSL and TLS interchangeably. SSL is not TLS. TLS is an updated version of SSL, and you should not use ANY version of SSL (SSLv3 being killed by POODLE). So what you should do is make sure you are using TLS, and this new rule won't affect you at all.
Next: Also make sure your system administrators, and hopefully your QSAs, understand that SSL != TLS and assess you correctly.
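One way to check that a web server configuration really is TLS-only, as an added example that is not part of the original diary: the script below reads Apache `SSLProtocol` and nginx `ssl_protocols` directives and reports any that still enable an SSL version. It assumes that Apache applies tokens left to right (`+` adds, `-` removes, a bare name replaces the set) and expands `all` conservatively to include SSLv2 and SSLv3; the sample configuration is constructed.

```python
import re

SSL_VERSIONS = {"sslv2", "sslv3"}
# Assumption: what Apache's "all" covers depends on the httpd/OpenSSL build,
# so it is expanded conservatively to include the SSL versions.
APACHE_ALL = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}

def apache_enabled(args):
    """Apply SSLProtocol tokens left to right: +x adds, -x removes, bare x replaces."""
    enabled = set()
    for tok in args.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = APACHE_ALL if name == "all" else {name}
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:
            enabled = set(group)
    return enabled

def audit(config_text):
    """Return (line_no, directive, ssl_versions) for every directive that enables SSL."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(?i)(SSLProtocol|ssl_protocols)\s+(.+?);?$", line)
        if not m:
            continue
        directive, args = m.group(1), m.group(2)
        # nginx takes a plain list of enabled protocols; Apache needs token logic.
        is_apache = directive.lower() == "sslprotocol"
        enabled = apache_enabled(args) if is_apache else set(args.lower().split())
        bad = sorted(enabled & SSL_VERSIONS)
        if bad:
            findings.append((no, directive, bad))
    return findings

# Constructed sample configuration lines (not from any real server).
SAMPLE = """\
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
"""

if __name__ == "__main__":
    for no, directive, bad in audit(SAMPLE):
        print(f"line {no}: {directive} still enables {', '.join(bad)}")
```

A directive such as `SSLProtocol all -SSLv2` is the common trap: it removes SSLv2 but leaves SSLv3 on, which is exactly the SSL-versus-TLS confusion described above.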
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.