TLS v1.0 is being Discontinued. What does that mean for my store?

As specified by the PCI Security Standards Council, Global support for TLS v1.0 will be discontinued as of June 2016, and we are getting an early start on the process by discontinuing it in May*.

Since we anticipate many questions from our users in regards to this change, we are providing the following information in this article to help you better understand the reasons behind the change and the potential impact it may have on your store.

*Important New Information
Since the original writing of this article, the PCI Security Standards Council has elected to push the deadline forward to sometime in 2018. As such we will maintain processes in place to transition to the new protocols when the time comes. In the mean time, TLS v1.0 will still be available for payment gateways that may still be using it.


What is TLS?

TLS stands for Transport Layer Security, and it is the cryptographic protocol that is used when one connects to a server securely. In essence, when your browser connects to a store for secure transactions, it is using TLS encryption to ensure transactions are secure.

Originally defined in 1999, it has gone through several version changes starting with version 1.0.


Why is support for TLS v1.0 being discontinued?

Due to its age, TLS v1.0 is no longer considered secure by industry standards and has gradually been discontinued across most services since mid 2015. And, as mentioned, support for TLS v1.0 is being discontinued globally in June 2016 (see important note above). Instead, support for TLS versions 1.1 and 1.2 will be favored. In order to remain PCI compliant, 3dcart will update its server environment to accept only TLS v1.1 and TLS v1.2 by May of 2016 just prior to the global cutoff.


What does this mean for my Store?

Rest assured that your store’s data will remain intact during the upgrade. Nothing will change as far as your store’s software and data is concerned. The changes we are making are on the server level and will not impact the 3dcart software at all.

The only effect this change will have on your store is that older browsers (using only TLS v1.0) will no longer be able to access your store’s secure pages.


What are the supported Browser versions?

The major browsers have all had updates within the last year to natively use TLS versions 1.1 and 1.2. Furthermore, in anticipation of the changes, the major browsers have added support for TLS 1.1 and 1.2 within the last two years. Here we will provide a list of the supported browsers including the minimum, recommended and best versions to use.

Google Chrome

  • Minimum
    Version 32 (released in January 2014) or higher.
  • Recommended
    Version 40 (released in January 2015)
  • Best
    Version 47 (released in December of 2015)

Google Android OS Browser

  • Minimum
    Version 4.1 – Jelly Bean or higher (Released in 2012)
  • Recommended
    Version 5.0 – Lollipop (Released in 2014)
  • Best
    Version 6.0 – Marshmallow (Released in May 2015)

Firefox

  • Minimum
    Version 24 (Released September 2013)
  • Recommended
    Version 38 (Released in May 2014)
  • Best
    Version 43 (Released in December 2015)

Internet Explorer

  • Minimum
    Version 8 (Released in March 2009)
    Note that version 8 compatibility is applicable only to the Windows 7 operating system. XP and Vista are not supported
  • Recommended
    Version 11 (Released in June 2015)
  • Best
    Edge (newest browser for Windows 10 users)

Opera

  • Minimum
    Version 27 (Released January 2015)
  • Best
    Version 34 (Released December 2015)

Safari on Mac

  • Minimum
    Version 9 using OS X 10.9 (Released June 2013)
  • Recommended
    Version 9 using OS X 10.10 (Released October 2014)
  • Best
    Version 9 using OS X 10.11 (Released June 2015)