11 March What You Need to Know About the TLS 1.2 Update March 11, 2018By Will Strohl | 2 MIN READ There has been a lot of talk in recent weeks about TLS compliance requirements. There’s good reason for this, because notable vendors that are known for being on the forefront of security such as Authorize.net, PayPal, and UPS began notifying their partners and vendors about two years ago. Everyone else began receiving similar notifications about a year ago. What does this all mean though? What is TLS Anyway? TLS is an acronym for “transport layer security,” which is a fancy name for a security protocol that protects the information sent between web browsers and web servers. For example, every time a webpage loads or you submit an order in an online store, TLS is what ensures that your private and financial information is secure – in both directions. TLS Deadlines The motivator behind these deadlines is the official security standards council, PCI DSS, raising the standards for all secured websites. They have mandated that all website owners upgrade their minimum security standard from TLS 1.0 and earlier security protocols to at least TLS 1.1 by June 30, 2018. Under the covers, there are several new and depreciated features between various security protocols, including the cryptography. However, many of the world’s leading website owners had their own deadline, which was February 28, 2018. Obviously, that date has already passed, so many website owners are on the scramble now for their payments and shipping integrations to work again. Customers If you’re simply a person who uses the internet to browse content and purchase things online, compliance is easy for you. Simply ensure that you upgrade your web browser to the latest version. Ideally, you should be using one of the prominent three browsers, Google Chrome, Mozilla Firefox, or Microsoft Edge. Xero published a great blog that outlines the security protocol support for these web browsers. Online Store Owners/Administrators If you’re running an online store using a cloud platform provider such as Shopify or BigCommerce, you don’t really need to do anything. Cloud e-commerce providers like these are all on top of this already. If you’re hosting your own online store, chances are that you may need to upgrade your e-commerce software. For example, at Hotcakes Commerce, we knew about this upgrade two years ago and found it necessary to apply a code update to be fully compliant with the TLS requirements. If you’re running Hotcakes Commerce, you simply need to upgrade to version 01.10.04 or newer. (It would be best to upgrade to the most recent version of Hotcakes, which is 03.01.00 at this time.) Server Administrators Again, if you’re running your online store using a cloud platform, you don’t need to worry about this. However, those of you that are responsible for web servers need to ensure that earlier security protocols are disabled and you should probably only allow at least TLS 1.1. Microsoft published a useful article about enabling TLS 1.1 and 1.2 as defaults, and in some instances, it requires ensuring that you’re current on your Windows Updates. (This is something you should be doing anyway though.) Summary If you need assistance with any of this, please feel free to let us know. We’d be happy to help! Let's Chat! We'd love to work with you. Let's talk about how. Contact Us March 11, 2018By Will Strohl Business, Internet, Technology ECommerce, E-Commerce, ECommerce CMS, Hotcakes Commerce, Security About the Author Will Strohl Founder & CEO Upendo Ventures Overall, Will has nearly 20 years of experience helping website owners become more successful in all areas, including mentoring, website development, marketing, strategy, e-commerce, and more. Please enable JavaScript to view the comments powered by Disqus. blog comments powered by Disqus Related Posts 🚨 16 Billion Passwords Were Just Leaked — Here's What You Need to Know (and Do) A major data breach just made headlines — and while it sounds alarming (and it is), this post is all about what *you* can do today to stay protected. What Are Your Website Goals? Do You Even Know? Most small business owners launch their websites and then never look back. We get it. But "set it and forget it” could be costing you more than you realize. Why You NEED Regular Updates on Your Homepage Your homepage is where Google and other search engines look first to decide if your site—and your business—are still active. Stop Selling to Everyone: Why You Need to Know Your Real Customer When you try to sell to everyone, you end up selling to no one. Learn how to focus your marketing so you're speaking to the right people at the right time. CMS State of the Union: Data-Based Insights From the Past Two Years If you didn’t already know, CMS is an acronym for “content management system.” A CMS is used by many developers, consultancies, and companies to build their website. It’s an incredibly common thing to do, as any flavor of CMS you choose will always save you effort and money, compared to building a website from nothing. This is especially true if you look at the lifetime investment of your website. Using a CMS framework or solution of some kind just seems to make sense. After all, this is what I’ve built my own career upon since 2001. However, then, CMS was known as a portal or portal framework. That’s a long time ago, so it’s not a bad idea to take stock of things every now and thing to see if what you’re doing is the correct thing. To this end, I asked myself, “How is CMS doing right now, and does it make sense to still be doing CMS-related work in the future?” I’ve Installed DNN. What’s Next? Sometimes it’s easy to forget some of the simple things when you've been working with something over a long period of time. When this happens, it's easy to overlook how technical, difficult, hidden, or simply not obvious things. You end up in something of an auto-pilot mode. This article helps to outline some of the quick-and-easy things that we often do after first installing DNN.