Frequently Asked Question Why has SRC updated its website security? Who is affected?

Context

SRC accepts credit card payments for certain events, and as such must comply with the Payment Card Industry (PCI) guidelines. These guidelines require secure connections using an encryption protocol called Transport Layer Security, or TLS (TLS superseded SSL). There are three versions of of the protocol now in use: TLS 1.0, 1.1, and 1.2. The most current and most secure version is TLS 1.2. PCI declared TLS 1.0 to be non-compliant as of April 2015, due to known security weaknesses.

Since some SRC website users had older browsers that would have been be blocked, SRC requested and was granted an extension through January 31, 2016. Following three months of notice, support for TLS 1.0 was disabled on February 1.

What Does This Mean?

SRC urges the SRC community to make certain that their browser is capable of connecting to websites with TLS 1.1 or higher. and if not, to take steps to upgrade or reconfigure as required. 

Take Action

  1. To determine whether your browser, as configured, is capable, please visit the SSL Labs test page, and note the findings under the heading "Protocol Features".
  2. If the test page indicates that your browser lacks support for TLS 1.1 or higher, use the table below to determine whether you need to upgrade or reconfigure the browser you are using. With Firefox and Chrome, we recommend upgrading to the latest browser version. NOTE: In some cases, you will need the help of your company's IT group.

Here are some additional references we found that may be helpful.

Browser & VersionTLS 1.1 and 1.2 Capable?Notes 
IE Edge desktop and mobile Yes Compatible by default.
IE 11 desktop and mobile Yes Compatible by default.
IE 8, 9, and 10 desktop Yes, but not by default Windows 7 and up, but not XP or Vista. Consult this configuration guide.
IE 7 and below, desktop No

 

IE 10 and below, mobile No  
Firefox 27 and up Yes Compatible by default, all operating systems.
Firefox 23 to 26 Yes, but not by default  
Firefox 22 and below No  
Chrome 38 and up Yes Compatible by default.
Chrome 22 to 37 Yes, but not by default Windows XP SP3, Vista, or newer desktop,
OS X 10.6 (Snow Leopard) or newer desktop,
Android 2.3 (Gingerbread) or newer mobile.
Chrome 21 and below No  
Android 5.0 (Lollipop) and up Yes Compatible by default.
Android 4.4 (KitKat) up to 4.4.4 Yes, but not by default  
Android 4.3 and below No  
Desktop Safari 7 and up for OS X 10.9 (Mavericks) and up Yes Compatible by default.
Desktop Safari 6 and below for OS X 10.8 (Mountain Lion) and below No  
Mobile Safari 5 and up for iOS 5 and up Yes Compatible by default.
Mobile Safari for iOS 4 and below No  

4819 Emperor Blvd, Suite 300 Durham, NC 27703 Voice: (919) 941-9400 Fax: (919) 941-9450