On February 2nd, 2016, we're turning off the SSL protocol TLS 1.0.
When a browser connects to a secure website (https in the URL) it performs an exchange of information. This handshake allows the client and server to speak the same language, allowing them to agree upon an encryption algorithm and encryption keys before the selected application protocol begins to send data. They have to agree on a communications encryption protocol - TLS 1.0, TLS 1.1, or TLS 1.2 - to use. Last year, security experts discovered a possible flaw in TLS 1.0 that a hacker could use to intercept communications. This exploit has not yet been used by a hacker but the PCI Security Standards Council has decided to eliminate the protocol by June 1st 2016.
Nucom Web Hosting, LLC takes the protection of our customers' data very seriously. To maintain alignment with these best practices and updated compliance requirements from the PCI Security Standards Council, Nucom Web Hosting will disable the use of TLS 1.0 for all connections to our web servers.
Problem 1 - Old Browsers
If you're using an older browser which is does not have TLS 1.1 or above, then you won't be able to connect to a secure website on our server. Users will get a 'network connection error' or 'this page can't be displayed' message. Most users won't have this problem but we've included a list (below) of browsers that could be effected.
The easiest solution is to upgrade your browser or install a modern browser like Google's Chrome. You can download Chrome for free at https://www.google.com/chrome/browser/desktop/index.html
Problem 2 - Delete Cookies
If a customer has logged into your site previously, then their browser caches (remembers) which protocol they used to connect via https. If they originally connected with TLS 1.0 then they will try to connect with TLS 1.0 again. When that happens they'll enter their login, hit enter, and then get bounced back to the login page without any error message. There's no error message because it's not happening on the website, it's the web server denying communications with the customers browser.
The easiest solution for customers is to delete their cookies. Here's an article on how to delete cookies on most browsers/versions.
http://www.wikihow.com/Clear-Your-Browser's-Cookies
We'd also suggest you add a message to your login page letting people know what to do if they're unable to login. Contact us if you'd like us to do this for you.
Problem 3 - AnyConnect VPN
If you're unable to connect to the server via the VPN then you'll need to download the latest version. If you've on a Mac and using the built-in VPN, then you'll also have to download the latest version of AnyConnect and use it to connect to the server.
You can download the latest version here - https://kb.edgewebhosting.net/KnowledgebaseArticle53042.aspx
Internet Browsers
You can test your browser to see if it supports TLS 1.1 or TLS 1.2 by going to https://www.ssllabs.com/ssltest/viewMyClient.html.
Browser |
TLS 1.1 or Higher Compatibility Notes |
Microsoft Internet Explorer (IE) |
Review the Enabling TLS 1.1 and TLS 1.2 in Internet Explorer for detailed information and instructions. |
Desktop and mobile IE version 11 |
Compatible by default |
Desktop IE versions 8, 9, and 10 |
Capable when run in Windows 7 or newer, but not by default. Review the Enabling TLS 1.1 and TLS 1.2 in Internet Explorer to enable TLS 1.1 or higher encryption. Windows Vista and older operating systems, such as Windows XP, are not compatible with TLS 1.1 or higher encryption. |
Desktop IE versions 7 and below |
Not compatible with TLS 1.1 or higher encryption. |
Mobile IE versions 10 and below |
Not compatible with TLS 1.1 or higher encryption. |
Microsoft Edge |
Compatible by default |
Mozilla Firefox |
Compatible with the most recent, stable version, regardless of operating system |
Firefox 27 and higher |
Compatible by default |
Firefox 23 to 26 |
Capable, but not by default. |
Firefox 22 and below |
Not compatible with TLS 1.1 or higher encryption. |
Google Chrome |
Compatible with the most recent, stable version, regardless of operating system |
Google Chrome 38 and higher |
Compatible by default |
Google Chrome 22 to 37 |
Capable when run in Windows XP SP3, Vista, or newer (desktop), OS X 10.6 (Snow Leopard) or newer (desktop), or Android 2.3 (Gingerbread) or newer (mobile) |
Google Chrome 21 and below |
Not compatible with TLS 1.1 or higher encryption. |
Google Android OS Browser |
|
Android 5.0 (Lollipop) and higher |
Compatible by default |
Android 4.4 (KitKat) to 4.4.4 |
Capable, but not by default. |
Android 4.3 (Jelly Bean) and below |
Not compatible with TLS 1.1 or higher encryption. |
Apple Safari |
|
Desktop Safari versions 7 and higher for OS X 10.9 (Mavericks) and higher |
Compatible by default |
Desktop Safari versions 6 and below for OS X 10.8 (Mountain Lion) and below |
Not compatible with TLS 1.1 or higher encryption. |
Mobile Safari versions 5 and higher for iOS 5 and higher |
Compatible by default |
Mobile Safari for iOS 4 and below |
Not compatible with TLS 1.1 or higher encryption. |