If your talking about TLS for The tunnel configuration you can use the following which should pass PCI as it is TLS1.1 and TLS1.2
This works for hub version 7.93+
- Open up the hub inside Infrastructure Manager
- Click on Tunnels
- Make Sure Server Active is checked if this is the Server
- Under Security Settings Click Custom
- Inside the Custom box I utilize the following "AESGCM:!aNULL"
- Recommended to recreate the SSL cert if one already existed
Now if you watch the hub.log you will see something to the affect of starting Tunnels with TLS Enabled or something (can't remember the exact wording but it is on first start and the tunnels get initilized it says it)