TLS v1.0/1.1 deprecation and TLS v1.2 implementation

On June 25th, 2018, TLS v1.0 and v1.1 will no longer be supported.

To improve security and confidentiality for our customers, Funio is committed to following industry norms and setting up the newest version: TLS v1.2.

What is it? Why is it necessary? 

SSL and TLS are two protocols that secure connections between clients and servers by encrypting data. This prevents data (passwords, credit card numbers...) from being intercepted between the server and the client (browsers, gateways...).

The SSL/TLS protocol can be used for different web services, email, FTP, VoIP and VPN. When a service is secured this way, you will find an S at the end of the protocol name (HTTPS, SMTPS and FTPS).

The IETF (Internet Engineering Task Force) forces the use of the TLS 1.2 protocol starting on June 30, 2018. Older protocols such as SSL v2, SSL v3, TLS 1.0 and TLS 1.1 will therefore be obsolete. They are vulnerable to different types of attack such as BEAST, CRIME, POODLE, RC4, FREAK, and Logjam.

Several browsers, such as Chrome, Mozilla Firefox and Safari, won't support older protocols. The most popular browsers are also about to force the use of HTTPS. For instance, starting in July 2018, Chrome (68) will mark all sites using HTTP as not secure. Firefox users won't be able to use new JavaScript and CSS features on sites without HTTPS.

Payment gateways such as PayPal, Stripe, Braintree, and Authorize.net will be updated to use TLS 1.2, as will most API services.

What is the impact for you?

For your emails...
If you are using an old mail client or an old OS, the software may not support TLS 1.1 or 1.2, in which case your email will stop working on your computer.

If your email doesn't work following the update, it means your mail client (Mail, Thunderbird, Outlook) does not support TLS 1.1 or 1.2. It is therefore not up to date and is a major security risk for your data. Please update your mail client as soon as possible to fix the issue.

Here is a non-exhaustive list of the mail clients that don't support TLS 1.2: Outlook® 2007, Outlook 2010, MacMail on MacOS 10.8 or before and Windows 7.

For Windows 7, you can try this procedure: https://documentation.cpanel.net/display/CKB/How+to+Configure+Microsoft+Windows+7+to+use+TLS+Version+1.2

When you browse on the internet...
If your software and applications are up to date, no need to worry. They will support TLS 1.2.

When you browse a website with a browser that does not support TLS 1.2, you will get a generic message such as "unable to connect" or, in Internet Explorer, "Internet Explorer cannot display the webpage". Therefore, if you use a browser older than Chrome 30, Internet Explorer 11 on Windows 8, Safari 7 on OS X 10.9 or Firefox 26, please make sure you upgrade.

Also, if you use these email clients or older versions of them (Outlook® 2007, Outlook 2010, MacMail), or an older OS (MacOS 10.8 or before, or Windows 7 or before), you will need to upgrade.

If you are not sure your browser is compatible with TLS 1.2, you can check with this website: https://cc.dcsec.uni-hannover.de/

Do you need to change anything on your website?
Ask yourself these questions. If the answer to either one is yes, make sure your website is compatible with TLS 1.2. If not, you're fine.

  • You have an e-commerce website and use a payment gateway such as PayPal, Stripe, Braintree or Authorize.net: these gateways will be upgraded and will only use TLS 1.2. Make sure you do what is necessary so that your website is compatible with this upgrade.
  • You're using an external API: most APIs won't support older versions of TLS, so make sure your code takes these changes into account.
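
One way to check the second point from the machine that runs your code, as an added example that is not Funio's own tooling: the script reports whether the local TLS library supports TLS 1.2 and, for each hostname passed on the command line, which protocol version is negotiated when anything below TLS 1.2 is refused. The function names are hypothetical, and the hostnames are whatever gateway or API endpoints your site calls.

```python
"""Check that this Python client can talk to a TLS 1.2-only API (added example)."""
import socket
import ssl
import sys


def build_context():
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # never fall back to TLS 1.0/1.1
    return ctx


def local_tls_support():
    """What the TLS library linked into this interpreter can do."""
    return {
        "library": ssl.OPENSSL_VERSION,
        "tls1_2": ssl.HAS_TLSv1_2,
        "tls1_3": ssl.HAS_TLSv1_3,
    }


def negotiated_version(host, port=443, timeout=5.0):
    """Handshake with host:port and return the protocol agreed on, e.g. 'TLSv1.2'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with build_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


def check_endpoint(host, port=443):
    """One-line verdict for an endpoint; failures are reported, not raised."""
    try:
        return f"{host}:{port} OK, negotiated {negotiated_version(host, port)}"
    except ssl.SSLError as exc:   # handshake refused: protocol, cipher or certificate problem
        return f"{host}:{port} TLS handshake failed: {exc}"
    except OSError as exc:        # DNS failure, refused connection, timeout
        return f"{host}:{port} unreachable: {exc}"


if __name__ == "__main__":
    print(local_tls_support())
    # Hosts come from the command line, e.g. your payment gateway's API hostname.
    for name in sys.argv[1:]:
        print(check_endpoint(name))
```

Run it on the server that hosts your site, since that machine's TLS library is the one your code uses.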

 

 
