As of any day now, Transport Layer Security (TLS) 1.0 and 1.1 will no longer be supported by most endpoints as it’s an outdated security configuration. But how to prepare?
TLS is a critical security protocol used to protect web traffic. TLS 1.0 has been around a while (20 years, in fact); version 1.1 for 13 years. So, it is time that these versions were put out to grass!
Both versions are out-of-date protocols susceptible to containing security vulnerabilities that may be exploited by attackers. Also, neither are compliant with today’s PCI Data Security Standards (PCI DSS) for safeguarding payment data. The vast majority of encrypted Internet traffic is now over TLS 1.2 (which is no newbie technology: it was introduced more that a decade ago). Almost every website now supports TLS 1.2.
With this change, the industry as a whole is working to deprecate support for TLS 1.0 and 1.1. Google, Microsoft and Mozilla have all announced that their browsers will no longer support TLS 1.0 and 1.1 as of the end of March 2020.
While here at SMTP2GO we do default to TLS 1.2, we will continue to support the older versions for a while yet. In order to function properly, however, we do recommend upgrading to TLS 1.2. If this isn’t possible – while not ideal – we suggest turning off TLS/SSL altogether.
If you have any questions regarding this, please contact us.
it would be helpful if “we will support older versions for awhile yet… were accompanied by a date or even a date the article was written.
Good call! We have no immediate or even road mapped plans to remove support for older devices that can only use older TLS versions. If or when we do, we will reach out to customers to let them know and give plenty of warning.