Frequently Asked Question Why has SRC updated its website security? Who is affected?
SRC accepts credit card payments for certain events, and as such must comply with the Payment Card Industry (PCI) guidelines. These guidelines require secure connections using an encryption protocol called Transport Layer Security, or TLS (TLS superseded SSL). There are three versions of of the protocol now in use: TLS 1.0, 1.1, and 1.2. The most current and most secure version is TLS 1.2. PCI declared TLS 1.0 to be non-compliant as of April 2015, due to known security weaknesses.
Since some SRC website users had older browsers that would have been be blocked, SRC requested and was granted an extension through January 31, 2016. Following three months of notice, support for TLS 1.0 was disabled on February 1.
What Does This Mean?
SRC urges the SRC community to make certain that their browser is capable of connecting to websites with TLS 1.1 or higher. and if not, to take steps to upgrade or reconfigure as required.
- To determine whether your browser, as configured, is capable, please visit the SSL Labs test page, and note the findings under the heading "Protocol Features".
- If the test page indicates that your browser lacks support for TLS 1.1 or higher, use the table below to determine whether you need to upgrade or reconfigure the browser you are using. With Firefox and Chrome, we recommend upgrading to the latest browser version. NOTE: In some cases, you will need the help of your company's IT group.
Here are some additional references we found that may be helpful.
- Need help in configuring IE browsers? Consult this helpful information and instruction page.
|Browser & Version||TLS 1.1 and 1.2 Capable?||Notes|
|IE Edge desktop and mobile||Yes||Compatible by default.|
|IE 11 desktop and mobile||Yes||Compatible by default.|
|IE 8, 9, and 10 desktop||Yes, but not by default||Windows 7 and up, but not XP or Vista. Consult this configuration guide.|
|IE 7 and below, desktop||No||
|IE 10 and below, mobile||No|
|Firefox 27 and up||Yes||Compatible by default, all operating systems.|
|Firefox 23 to 26||Yes, but not by default|
|Firefox 22 and below||No|
|Chrome 38 and up||Yes||Compatible by default.|
|Chrome 22 to 37||Yes, but not by default||Windows XP SP3, Vista, or newer desktop,
OS X 10.6 (Snow Leopard) or newer desktop,
Android 2.3 (Gingerbread) or newer mobile.
|Chrome 21 and below||No|
|Android 5.0 (Lollipop) and up||Yes||Compatible by default.|
|Android 4.4 (KitKat) up to 4.4.4||Yes, but not by default|
|Android 4.3 and below||No|
|Desktop Safari 7 and up for OS X 10.9 (Mavericks) and up||Yes||Compatible by default.|
|Desktop Safari 6 and below for OS X 10.8 (Mountain Lion) and below||No|
|Mobile Safari 5 and up for iOS 5 and up||Yes||Compatible by default.|
|Mobile Safari for iOS 4 and below||No|