LuxSci to upgrade all Systems to support only TLS v1.2+ only
Update 6/17/2019: LuxSci has pushed back the general date of the transition to TLS 1.2 only support to January 1st, 2020. This matches the timeline set my most browser vendors and others for abandoning the old versions of TLS. However, new dedicated LuxSci customers will be placed on servers that support only TLS 1.2+ starting this week. The rolling update window is now January 1st through January 31st, 2020.
That said, LuxSci will still be transitioning to requiring TLS 1.2+ support for email transmission (“Forced TLS”) during the July-August, 2019 window.
Additionally, any dedicated customer that would like to transition to TLS 1.2+ sooner, may do so at any time my asking LuxSci support.
LuxSci will be removing the remaining support for TLS v1.0 and TLS v1.1 from its services starting July 1st, 2019. This update will be a rolling change to all servers that will take place between July 1st and August 31st, 2019.
TLS v1.0 and TLS v1.1 are very old transport security protocols that have been succeeded by the much more secure TLS v1.2, which came out way back in 2008. All major web browsers released in the last 6+ years support TLS 1.2. Older web browsers may or may not support it (check your browser); however, less than 1% of web traffic across the world actually use the older protocols
TLS 1.0 and 1.1. TLS 1.0 and 1.1 are showing their age and security weaknesses have been cropping up for a while. Requirements for PCI compliance have mandated using TLS 1.2+ only since last summer and NIST best practices for TLS usage suggest moving away from older versions of TLS soon. LuxSci has been locking down dedicated customers that require use of only TLS 1.2+ for some time as well. In 2020, most major web browser vendors will be completely dropping support for TLS 1.0 and 1.1 as well.
So, it really is time to give up the ghost. During the rolling maintenance period of July and August, LuxSci will be removing TLS 1.0 and 1.1 support on all dedicated and shared servers. This change affects:
- Web site hosting (i.e., what TLS versions your LuxSci-hosted web site will accept).
- Email sending via SMTP
- Email checking via POP and IMAP
- LuxSci’s WebMail and administration portals
- LuxSci’s Spotlight Mailer interface
- LuxSci’s SecureForm for posting services
- Connections to LuxSci’s APIs
- Email open and click tracking
- SMTP Forced TLS. We will only support forced outbound TLS with SMTP servers that support TLS v1.2+. We may still support opportunistic TLS with legacy SMTP servers; however, we will no longer consider such communications to be secure enough for compliance.
In general, most customers will not notice any difference. However, if you use old, legacy systems (or your end users do) you will want to be sure that you either (a) upgrade your systems, or (b) ensure that these systems will support TLS 1.2 for connections to LuxSci’s servers. Check out our blog post that rates web browsers and email programs on their support for TLS. Look at the column “Revision 2 + TLS 1.2” to determine if your program +operating system will support TLS 1.2 with LuxSci.
- Update: LuxSci upgrading all Systems to support only TLS v1.2+ only
- Do you expect email carriers to require TLS v1.2 or better in the future?
- TLS 1.0 to 1.2 and NIST TLS Cipher Updates: Email Program and Web Browser Compatibility Issues
- SMTP TLS: All About Secure Email Delivery over TLS
- Does TLS Corruption Spell the end of SMTP TLS?