Goodbye TLS 1.0

TLS is a system used to establish encrypted connections between two computer systems – such as when you visit a secure website or connect to a server to download your email.

TLS 1.0 HistoryTLS 1.0 Heartbleed Exploit

It was first introduced in 1999 as an upgrade of SSL Version 3.0, written by Christopher Allen and Tim Dierks of Consensus Development.  This makes it pretty old in internet terms.  It can no longer be considered secure, with vulnerabilities known for some time.  You may have heard of the Heartbleed exploit in the news?  TLS 1.0 was affected by this.

PCI Security Standards Council

PCI establish a set of rules and requirements which must be met by any website collecting credit card details – and they’re also quite widely adopted for websites collecting any personal data as a good way to keep the website secure.

With effect from 30th June 2018 it is a requirement of PCI that TLS 1.0 is no longer used.  As such, it’s now being removed from many online services to ensure they maintain the standard.

Will this affect me?

Probably not.  If you’ve updated your software sometime in the last 5 years then you’ll be fine and won’t notice any change.  If you have very old connection settings in your email program, and manually set TLS 1.0 as your encryption method then you will need to change this (to TLS 1.2) to continue to use many services, including ours.

Your website isn’t affected – we removed TLS 1.0 from these quite some time ago.

Many companies, including NetWeaver, are taking the opportunity to remove TLS 1.1 support at the same time.  There seems little point forcing a change again in a year or so to remove this when TLS 1.2 is already so well established and much more secure.

If you have any queries about how this may affect your account, please don’t hesitate to get in touch.

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.