Announcements , Security June 28, 2018

TLS 1.0 disabled due to PCI-DSS changes

Yorgos Fountis

2 min read
Share
Image for TLS 1.0 disabled due to PCI-DSS changes

This is a brief update to announce that we’ve disabled TLS 1.0,  in accordance with PCI’s Data Security Standard (PCI DSS) requirement changes. We’ll be supporting only TLS 1.1 and TLS 1.2  from now on. Although the ‘SSL’ name stuck, TLS is a more modern version of SSL that is used nowadays (it was originally developed by Netscape, in the 90’s). 

The PCI Security Standards Council is a global organisation that oversees the technologies and security standards used in Internet payment systems. Due to the alarming amount of security problems found in earlier versions of SSL and TLS (one such example is the somewhat recent POODLE attack), PCI strongly encourages the deprecation of TLS 1.0 and the upgrade to a secure alternative. The deadline for this change to take place is June 30th, 2018. 

Your business is PCI-compliant with Pressidium

The TLS 1.0 deprecation affected mostly clients that process payments through their WordPress site. The update was automatic and seamless, so nothing was needed on your part. As we now only support TLS 1.1 and 1.2,  your web browser will receive an HTTPS communication error and won’t be able to connect, if it requests tlsv1.0

Although it is very difficult to estimate the total percentage of global TLS 1.0 traffic, it is considered to be very low, mostly originating from pre-5.0 Android devices. According to Cloudflare, the total amount of  their service’s TLS 1.0 traffic for 2017 was under 10%:

We are monitoring browsers and traffic to track the percentage of TLS 1.0+1.1 traffic relative to the total volume of encrypted traffic.  In October 2014, this traffic was approximately 30% of all encrypted traffic on Cloudflare’s network.  In February 2015, this traffic was less than 22% of all encrypted traffic on Cloudflare’s network. In June 2017, this traffic was less than 10% of all encrypted traffic on Cloudflare’s network.

Here is a list of web browsers that support TLS 1.1 and 1.2, according to caniuse.com.

As your WordPress site is hosted on a highly-available WordPress infrastructure, and not just on one server, the update did not cause any downtime. 

 

Share

Did you like this article?

Subscribe to our blog and get awesome WordPress content straight to your inbox.

SUBSCRIBE

OUR READERS ALSO VIEWED:

Image for WordPress 5.4 Is Here… Find Out What’s New!
07 April 2020

WordPress 5.4 Is Here… Find Out What’s New!

WordPress 5.4 has landed and comes with a host of new features including some significant block updates, a 14% faster editor and more!
Alexander Newnham
Alexander Newnham
5 min read
Image for PHP 7.4 Now Available!
31 March 2020

PHP 7.4 Now Available!

PHP 7.4 has been rolled out to all regions and is available for use for both newly created and current websites!
Petros Koumantarakis
Petros Koumantarakis
2 min read
Image for Support for TLSv1.1 is Ending
28 January 2020

Support for TLSv1.1 is Ending

Security is a top priority at Pressidium. Due to the very low levels of traffic that are using TLSv1.1 we are ending support for TLSv1.1
Alexander Newnham
Alexander Newnham
2 min read