Frequently Asked Question Why has SRC updated its website security? Who is affected?

Context

SRC accepts credit card payments for certain events, and as such must comply with the Payment Card Industry (PCI) guidelines. These guidelines require secure connections using an encryption protocol called Transport Layer Security, or TLS (TLS superseded SSL). There are three versions of of the protocol now in use: TLS 1.0, 1.1, and 1.2. The most current and most secure version is TLS 1.2. PCI declared TLS 1.0 to be non-compliant as of April 2015, due to known security weaknesses.

Since some SRC website users had older browsers that would have been be blocked, SRC requested and was granted an extension through January 31, 2016. Following three months of notice, support for TLS 1.0 was disabled on February 1.

What Does This Mean?

SRC urges the SRC community to make certain that their browser is capable of connecting to websites with TLS 1.1 or higher. and if not, to take steps to upgrade or reconfigure as required. 

Take Action

1. To determine whether your browser, as configured, is capable, please visit the SSL Labs test page, and note the findings under the heading "Protocol Features".
2. If the test page indicates that your browser lacks support for TLS 1.1 or higher, use the table below to determine whether you need to upgrade or reconfigure the browser you are using. With Firefox and Chrome, we recommend upgrading to the latest browser version. NOTE: In some cases, you will need the help of your company's IT group.

Here are some additional references we found that may be helpful.

• Need help in configuring IE browsers? Consult this helpful information and instruction page.