Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we are fully committed to complying with the PCI Data Security Standards (PCI DSS) requirements. That is why Sucuri disabled support for TLS version 1.0 and 1.1 to our WAF/CDN edge nodes on June 28, 2018.
What Is TLS?
Transport Layer Security (TLS) is a cryptographic protocol used to enhance the security of a communication channel by encrypting the traffic between the parties involved. Websites use TLS to encrypt the traffic between the web server and the web browser. Giving the assurances to the browser that they are talking to the right server and that the data is not being modified or eavesdropped.
Secure Sockets Layer (SSL) is an older version of TLS which is now deprecated by the Internet Engineering Task Force. People still refer to SSL and TLS interchangeably.
Why Disable Early SSL/TLS Versions?
The PCI Security Standards Council recommends using TLS 1.2 in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data. The deadline for disabling SSL/early TLS is June 30, 2018. The goal is to implement a more secure encryption protocol with TLS 1.2 or higher.
As a website security company, we are happy to implement any changes that make the internet safer. We believe that using a more secure encryption protocol is a very good security improvement.
Sucuri Deprecates TLS 1.0 and 1.1
Security is the very center of Sucuri’s vision. Because of this, we employ cutting-edge encryption and technologies to safeguard the integrity and availability of our systems.
Our globally distributed team has worked meticulously to ensure that Sucuri’s products and services satisfy these new regulations. In order to comply with the new requirements, we have disabled support for TLS v1.0 and v1.1 on our WAF/CDN edge servers.
Do You Need to Do Anything?
Actually, as a Sucuri customer or a visitor, you don’t need to be concerned with these changes.
Most web browsers support TLS 1.2.
With the exception of Internet Explorer (IE), the vast majority of the browsers have already been supporting TLS 1.2 for a while. IE versions 8 to 10 actually support TLS 1.2; however, you need to enable it. You can follow these instructions to do it:
- Navigate to Tools,
- Click on Internet Options,
- Select Advanced,
- Enable the Use of TLS 1.2.
IE version 7 and older do not support TLS 1.2.
The only issue we foresee is that very old Internet Explorer (IE) versions might not be able to access our website. In this case, users can install a newer browser or update IE if possible, as described above.
Conclusion
Sucuri is always focused on enhancing internet safety. TLS 1.0 and 1.1 will be officially deprecated on June 30, 2018.
We have already disabled support for TLSv1.0 on our WAF/CDN edge servers to be in compliance with the newest PCI Standards requirements. Please let us know if you have further questions.
Antony Garand
David Dede
Juliana Lewis
Alycia Mitchell
Peter Gramantik
Tony Perez