Why It’s Time To Enable TLS 1.2
Mar 24, 2020 | 42Gears Team
You may not have heard of TLS, or Transport Layer Security, but this encryption technology likely plays a huge role in your personal and professional life. Historically, data was transmitted over the Internet unencrypted. Encryption was employed only when sensitive information was being sent across. However, in 1999, the need to protect private information was recognized and Transport Layer Security or TLS came into being.
Today, with so much data being transmitted over the internet, including sensitive data like login credentials, credit card details and personal details, TLS has become the norm. For over twenty years now, TLS has encrypted communication between servers and web browsers. Businesses prefer to secure communications between web browsers and apps regardless of whether sensitive data is being transmitted.
TLS, a cryptographic protocol, is widely used to ensure secure communication between servers and web browsers. TLS is an Internet Engineering Task Force (IETF) standard aimed at preventing tampering, eavesdropping, and message forgery. Most IP-based protocols, such as Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP), Hypertext Transfer Protocol Secure (HTTPS), and Post Office Protocol 3 (POP3) support TLS. Common apps that use transport layer security include email, instant messages, web browsers, and voice over IP.
Here, encryption keys are established through the TLS handshake – a secret negotiation that takes place at the beginning of a given communication session. The most commonly used versions of TLS are TLS 1.0, TLS 1.1 and TLS 1.2. Both TLS 1.0 and TLS 1.1 are known to be quite vulnerable; TLS 1.2, on the other hand, is considered to be more secure. However, both the server and the browser must support TLS 1.2 for communication to take place between the two. You can use the SSL Configuration Checker to find out if your website supports TLS 1.2.
You can benefit greatly by enabling TLS 1.2 on your web browser. With TLS 1.1 disabled, you will no longer be vulnerable to BEAST (Browser Exploit Against SSL/TLS) attacks. You also will have more secure cipher suites, which will reduce your dependency on RC4 (Rivest Cipher 4), a stream cipher known for its simplicity and speed. In addition, you will gain stronger ciphers that can prepare your website for new vulnerabilities identified in older ciphers or protocols. In case you are still using SSL 3.0, you stand to benefit even more from TLS 1.2 – it improves browser performance considerably by enabling Online Certificate Status Protocol (OCSP) stapling.
As most browsers now support TLS 1.2 (some by default), users may sometimes find it difficult to connect to websites that do not support TLS 1.2 as they cannot negotiate properly with a different version of the protocol. The steps to be followed to enable TLS 1.2 may vary depending on the version and web server software being used. You may need to update a configuration setting or even upgrade the server software. A simple web search should provide all the information you need.
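As an added example (not 42Gears code), the following sketch shows what "updating a configuration setting" looks like in practice for two common web servers, which the article does not name: it reads nginx `ssl_protocols` and Apache `SSLProtocol` directives and reports which legacy versions are still enabled and whether TLS 1.2 is on. The sample configs are constructed, and the expansion of Apache's `all` keyword is an assumption because it depends on the server build.

```python
"""Flag legacy TLS/SSL versions in nginx and Apache protocol directives."""
import re

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: what Apache's "all" expands to depends on the httpd/OpenSSL
# build; this superset is used so nothing legacy is missed.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
DIRECTIVE = re.compile(r"(?i)(ssl_protocols|SSLProtocol)\s+(.+)")

def enabled_protocols(line):
    """Return the protocols one directive line enables, or None if it is
    not an nginx ssl_protocols / Apache SSLProtocol line."""
    line = line.split("#", 1)[0].strip().rstrip(";")
    m = DIRECTIVE.match(line)
    if not m:
        return None
    tokens = m.group(2).split()
    if m.group(1).lower() == "ssl_protocols":  # nginx: plain allow-list
        return set(tokens)
    enabled = set()  # Apache: "all", "+X", "-X" or bare "X", left to right
    for tok in tokens:
        name = tok.lstrip("+-")
        names = APACHE_ALL if name.lower() == "all" else {name}
        enabled = enabled - names if tok.startswith("-") else enabled | names
    return enabled

def audit(config_text):
    """Report, per directive, the legacy versions still on and TLS 1.2 status."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        protos = enabled_protocols(line)
        if protos is not None:
            findings.append({"line": lineno,
                             "legacy": sorted(protos & LEGACY),
                             "has_tls12": "TLSv1.2" in protos})
    return findings

# Constructed sample configs (not taken from the article).
WEAK_NGINX = """server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # legacy versions still accepted
}"""
FIXED_NGINX = "ssl_protocols TLSv1.2 TLSv1.3;"
FIXED_APACHE = "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1"

if __name__ == "__main__":
    for cfg in (WEAK_NGINX, FIXED_NGINX, FIXED_APACHE):
        print(audit(cfg))
```

A config audit only shows what the server is told to offer; confirm what it actually negotiates with an external check such as the SSL Configuration Checker mentioned above.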
According to the latest PCI compliance standards, sites accepting payments made through credit cards must use TLS 1.2. Apple, Microsoft, Google, and Mozilla (responsible for Edge, Internet Explorer, Chrome, Safari, and Firefox browsers) had earlier announced that they will disable TLS 1.0 and TLS 1.1 by the first half of 2020. Moreover, services such as Authorize.net, FedEx, UPS, Stripe, PayPal and many more support TLS 1.2 already and plan to refuse TLS 1.0 connections soon, which means it’s imperative that you upgrade to TLS 1.2 while there’s still time to avoid any disruption.
As is evident, enabling TLS 1.2 can improve internet security significantly. So, all businesses should comply. All 42Gears products support TLS 1.2 and above. We encourage those who have disabled or are about to disable TLS 1.0 and TLS 1.1 to opt for customer-specific dedicated or on-premise SureMDM (42Gears unified endpoint management solution) deployment if required.