On April 14, 2017, Dave & Adam’s will no longer support TLS 1.0 or TLS 1.1 over HTTPS. Any older browsers that do not support TLS 1.2 or higher will no longer work after this date. This change is mandated by the PCI Security Council and affects all merchants and service providers processing or transmitting credit card data.
Why are we making this change?
The PCI Security Council sets the rules on which technologies are acceptable for use in transmitting cardholder data. They have explicitly identified TLS 1.0 and TLS 1.1 as no longer being a strong form of encryption because it is vulnerable to many known attacks.
This is not an action Dave & Adam’s is taking alone. EVERY website that transmits or processes credit card data will be making this change.
TLS 1.2 support has been available in all major browsers for some time now. For reference, the earliest versions of each browser that, by default, offered support for TLS 1.2 are:
- Chrome 30 – released 2013-10-01
- Firefox 27 – released 2014-02-04
- IE 11 – released 2013-11-07 (Windows 7)
- Safari 7 – released 2013-10-22
- Microsoft Edge (All Versions) – released 2015-07-29
- Opera 17 – released 2013-08-08
Internet Explorer and Microsoft Security Updates
As of January 12, 2016, Microsoft will no longer provide security updates for any version of IE other than the most recent one available for their currently-supported operating systems. If, for example, a user is on Windows 7 and is using IE 10, they will no longer receive security updates for their browser. The only option will be for them to upgrade to IE 11.
Here’s a free test to verify the security of your browser