TLS1.0 end-of-life is near, and why it’s important

First a little background information… it all started with standards defined by the Payment Card Industry Security Standards Council. This group, originally formed by major industry players like American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. in 2006, operates with the goal of defining and managing the ongoing evolution of the Payment Card Industry Data Security Standard. Generally speaking, when mentioned, you’ll often hear the standards referenced as adhering to “PCI compliance”.

Back in the olden days of the 1990s, encryption protocols SSL (Secure Socket Layer) and TLS (Transport Layer Security) were developed by Netscape (remember them?). If you really want to learn more about the technology, there are some good blogs that discuss their history.

Back in December 2015, the PCI council announced that in order to continue to adhere to PCI Compliance standards, all technologies need to transition from SSL and TLS 1.0 to a secure version of TLS by June 30, 2018.

As a result, vendors have been scrambling to update their technologies to support newer versions of TLS.  For example, we have been busy addressing on-premise Microsoft Exchange servers which leverage TLS security as part of their operation.  Also, companies are making TLS-related announcements, such as email encryption leaders Zix who released that after June 3rd 2018, users that attempt to access their secure email portal/ZixPort with a browser that does not support TLS 1.2 will get a “connection refused” message.  After June 24th all TLS 1.0 or 1.1 will fail.

Therefore, users must test their browser to make sure they are using a version that supports TLS1.2 or higher.  If yours doesn’t support TLS1.2 or higher, here’s a list of those that will.