Old Browsers will see Broken Sites June 2016 when SSL/TLS 1.0 Disabled - Webnames Blog

Old Browsers will see Broken Sites June 2016 when SSL/TLS 1.0 Disabled

Update to a browser that supports TLS 1.1 or 1.2 by June 2016, or start seeing broken websites.

On June 1st, 2016, you might have trouble seeing your favourite websites (and Webnames.ca) if you are using one of the older web browser versions listed below:

  • Microsoft Internet Explorer version 10 or lower
  • Android Browser OS version 4.4 or lower
  • Safari version 6 or lower
  • Safari Mobile on iOS version 4 or lower
  • Opera version 12.17 or lower
  • Rare old versions of Chrome and Firefox on PCs with automatic updates disabled (detailed version list)

This is because these browsers do not properly support the secure HTTPS communication protocols TLS 1.1 or 1.2 by default. Older SSL 3.0 and TLS 1.0 protocols preferred by these browsers will be disabled by many sites in June 2016 to improve security and privacy.

Note: Webnames.ca will also disable SSL/TLS 1.0 support on June 1, 2016.

Fortunately there are free, updated browsers available for every major computing platform that are faster, more feature-rich, and more secure. We recommend installing the latest version of Google Chrome, Mozilla Firefox, or any other modern browser.

Once sites begin disabling SSL/TLS 1.0 support, if you are using an older browser, you might think that a secure website is broken, but if you to go an external website checker to determine if a website is down, you may find that the website works. This means that the issue is with your current browser, not the website you are trying to visit.

SSL/TLS 1.0 Not Supported

This change has been mandated by the PCI Security Standards Council, the organization that oversees security standards related to online payments. They have stated “SSL has been removed as an example of strong cryptography in the PCI DSS, and can no longer be used as a security control after June 30, 2016.

In their latest policy PCI-DSS 3.1, SSL protocol version 3.0 or earlier, as well as TLS 1.0, will not be considered “strong cryptography.” The reason for disabling SSL 3.0 and TLS 1.0 by the PCI Security Standards Council is to protect against recent vulnerabilities such as the POODLE exploit.

(Note: Although the PCI SSC has recently extended its compliance date, Webnames.ca has decided to maintain our scheduled SSL/TLS 1.0 cutoff date of June 1, 2016 in order to ensure the security of our systems.)

According to our latest browser usage statistics, only a small percentage of our user sessions (2-3%) involve older browsers that will be affected by this change.

We strongly encourage all users to upgrade your browsers immediately to avoid problems browsing Webnames.ca and other web sites, as well as to ensure a fast and secure Internet experience.

Updated February 29, 2016 by Jordan Rieger (based on original post by David Hall)

Posted in: