What is TLS Anyway?
TLS is an acronym for “transport layer security,” which is a fancy name for a security protocol that protects the information sent between web browsers and web servers. For example, every time a webpage loads or you submit an order in an online store, TLS is what ensures that your private and financial information is secure – in both directions.
TLS Deadlines
The motivator behind these deadlines is the official security standards council, PCI DSS, raising the standards for all secured websites. They have mandated that all website owners upgrade their minimum security standard from TLS 1.0 and earlier security protocols to at least TLS 1.1 by June 30, 2018. Under the covers, there are several new and deprecated features between the various security protocols, including the cryptography.
However, many of the world’s leading website owners had their own deadline, which was February 28, 2018. Obviously, that date has already passed, so many website owners are now scrambling to get their payments and shipping integrations working again.
Customers
If you’re simply a person who uses the internet to browse content and purchase things online, compliance is easy for you. Simply ensure that you upgrade your web browser to the latest version. Ideally, you should be using one of the three prominent browsers: Google Chrome, Mozilla Firefox, or Microsoft Edge. Xero published a great blog post that outlines the security protocol support for these web browsers.
Online Store Owners/Administrators
If you’re running an online store using a cloud platform provider such as Shopify or BigCommerce, you don’t really need to do anything. Cloud e-commerce providers like these are all on top of this already. If you’re hosting your own online store, chances are that you may need to upgrade your e-commerce software. For example, at Hotcakes Commerce, we knew about this upgrade two years ago and found it necessary to apply a code update to be fully compliant with the TLS requirements. If you’re running Hotcakes Commerce, you simply need to upgrade to version 01.10.04 or newer. (It would be best to upgrade to the most recent version of Hotcakes, which is 03.01.00 at this time.)
Server Administrators
Again, if you’re running your online store using a cloud platform, you don’t need to worry about this. However, those of you who are responsible for web servers need to ensure that earlier security protocols are disabled, and you should probably allow only TLS 1.1 or later. Microsoft published a useful article about enabling TLS 1.1 and 1.2 as defaults, and in some instances, it requires ensuring that you’re current on your Windows Updates. (This is something you should be doing anyway though.)
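To see where a Windows server stands before changing anything, the following read-only audit lists the server-side SChannel setting for each protocol and flags what still needs attention. It is an added example, not code from this post or from Hotcakes Commerce; the registry location is the standard Windows SChannel path and is an assumption here, since the post does not name it.

```powershell
# Added example: read-only audit of SChannel server-side protocol settings.
# Assumption: the standard SChannel registry location below (not given in this post).
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$legacy = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'   # earlier protocols that should be disabled
$modern = 'TLS 1.1', 'TLS 1.2'              # protocols that should be accepted

function Get-SchannelServerState {
    param([Parameter(Mandatory)][string]$Protocol)
    $path  = Join-Path $base "$Protocol\Server"
    $state = [ordered]@{ Protocol = $Protocol; Enabled = $null; DisabledByDefault = $null }
    if (Test-Path -Path $path) {
        $key = Get-ItemProperty -Path $path
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            # A value that is absent stays $null, meaning "not configured".
            if ($key.PSObject.Properties.Name -contains $name) { $state[$name] = $key.$name }
        }
    }
    [pscustomobject]$state
}

$report = foreach ($protocol in $legacy + $modern) {
    $s = Get-SchannelServerState -Protocol $protocol

    # Enabled = 0 disables the protocol; any non-zero value enables it.
    if ($null -eq $s.Enabled) { $status = 'Not configured (OS default applies)' }
    elseif ($s.Enabled -eq 0) { $status = 'Disabled' }
    else                      { $status = 'Enabled' }

    if ($legacy -contains $protocol) {
        # Legacy protocols are only considered safe when explicitly switched off.
        if ($status -eq 'Disabled') { $finding = 'OK' } else { $finding = 'Disable explicitly' }
    }
    elseif ($status -eq 'Enabled')  { $finding = 'OK' }
    elseif ($status -eq 'Disabled') { $finding = 'Enable' }
    else { $finding = 'Check the default for this Windows version' }

    [pscustomobject]@{
        Protocol          = $protocol
        Enabled           = $s.Enabled
        DisabledByDefault = $s.DisabledByDefault
        Status            = $status
        Finding           = $finding
    }
}

$report | Format-Table -AutoSize
```

The script only reads the registry. It reports configured settings, not what the server actually negotiates, so confirm the result with a test connection after any change.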
Summary
If you need assistance with any of this, please feel free to let us know. We’d be happy to help!