The Issuetrak Cloud has dropped support for TLS standards 1.0 and 1.1 as of September 3, 2019 and will only allow web traffic secured via TLS 1.2. There is a possibility that you and/or your customers are unable to access your site with the use of outdated web browsers.
What is SSL?
SSL stands for Secure Sockets Layer. This is a Web standard for negotiating encrypted communication between a web server and your browser. The last version of SSL was 3.0, and it was published in 1996. While very few websites use SSL anymore, the terms SSL and TLS are often used interchangeably. When someone uses the term SSL, they almost always mean TLS. Issuetrak's cloud environment does not use SSL to secure web traffic.
What is TLS?
TLS stands for Transport Layer Security. This supersedes the older SSL standard. There are four versions of TLS published:
- TLS 1.0 (1999)
- TLS 1.1 (2006)
- TLS 1.2 (2008)
- TLS 1.3 (2018)
All versions of TLS are in wide use. This is because most web servers are configured to allow all versions of TLS to be negotiated, and most modern web browsers are configured to allow the same. However, the state of things will change soon: Apple, Google, Microsoft, and Mozilla have agreed to deprecate TLS 1.0 and 1.1 in their products by March 2020.
Wouldn't it be better to keep the older SSL and TLS standards for compatibility? Why did you disable them?
Unfortunately, compatibility often comes with insecurity. TLS 1.0 and 1.1 are both known to have:
- Vulnerabilities to man-in-the-middle attacks that allow an attacker to force inferior (breakable) encryption between the client and server
- Inferior cryptographic hashes and ciphers
The industry is taking a conservative approach to deprecating the older TLS standards. TLS 1.2 will soon be the oldest TLS standard in active use, but it's still over 10 years old.
Can you please leave the SSL and TLS settings unchanged for my site?
This is a setting that affects all of our cloud sites and services. We cannot disable it for some sites and not others. We want our customers and their data to be secured to a high standard.
How can I determine the impact on my customers?
You can have your customers from their PC or Mac to test their browser's capabilities. Under the Protocol Support header, their test results should display "Your user agent has good protocol support." if they will remain unaffected.
I'd like to find out exactly which browsers will work with TLS 1.2. Can you provide that information?
Below is a chart of all major browsers and their ability to work with TLS 1.2. Please note that although the latest versions of Safari support TLS 1.2, Safari remains an unsupported web browser per our system requirements.
|Microsoft Internet Explorer 11||
Yes - Supports TLS 1.2.
If an error in the browser appears stating "Stronger security is required", then it will be necessary to disable TLS 1.0 and TLS 1.1 in IE's Advanced Settings.
Note to IT Administrators: You can force the above settings by using GPO. See the following Microsoft articles:
|Microsoft Internet Explorer 8, 9 and 10||Supports TLS 1.2*, but not by default, and only on Windows 7 or newer. Earlier Windows versions do not support TLS 1.2 with these versions of IE.
* It is necessary to enable TLS 1.2 in IE's Advanced Settings.
|Microsoft Edge||Yes - Supports TLS 1.2|
|Mozilla Firefox 27 and higher||Yes - Supports TLS 1.2|
|Mozilla Firefox 23 to 26||Supports TLS 1.2, but it is necessary to go into about:config and adjust the security.tls.version.max config value to a minimum of 3 in order to enable it.|
|Google Chrome 29 and higher||Yes - Supports TLS 1.2|
We and/or our customers still use Internet Explorer. Will we be affected?
That depends. If you use Internet Explorer 11 then you should be unaffected. You can get more information about browser capabilities from the table above.
How can I be sure that I will be able to get to my Issuetrak Cloud site with Internet Explorer?
Will my Active Directory SSL authentication still work with my Cloud site?
Yes, so long as your domain controllers support TLS 1.2.
- More information can be found here and here for customers leveraging Windows Server 2008R2 and Windows Server 2012 for their domain controllers.
Will my Cloud site still process incoming email via SSL?
Yes, so long as your mail server(s) support communicating via TLS 1.2.