We’re dropping TLS 1.0 support in January

Published 2017-12-01 by Jochen Lillich

The SSL protocol and early versions of its successor TLS have many known vulnerabilities. In recent years, exploits like POODLE, BEAST or Logjam got wide public attention, and on our edge routers, we’ve disabled many a cipher and hash algorithm that turned out to be too weak for proper web security.

The freistilbox edge routers receive web requests from the internet and pass them on to the freistilbox cluster running the respective website. In between, they decrypt inbound HTTPS requests and encrypt the outbound responses. This method, called “SSL termination”, takes computational load off the rest of our managed hosting platform and allows us to optimise these servers for high-performance cryptography.

With TLS 1.0, we’re now going to say goodbye to a whole protocol version. It has long been known as insufficient for secure data transfer, and its use is expressly advised against by industry guidelines like the Payment Card Industry Data Security Standard (PCI DSS). In its Appendix A2, PCI DSS v3.2 states that:

  • New implementations must not use SSL or early TLS as a security control.
  • All service providers must provide a secure service offering by June 30, 2016.
  • After June 30, 2018, all entities must have stopped use of SSL/early TLS as a security control, and use only secure versions of the protocol.

At freistilbox, we’ve been providing our customers with the highest quality in secure data transfer and DDoS protection for many years. In order to ensure this quality for the future, we’re going to end TLS 1.0 support on January 31st 2018.

After this date, our edge routers will no longer accept incoming connections using the TLS 1.0 protocol. While TLS 1.0 is no longer a requirement for most web applications, we ask all our customers to make sure in due time that the proper operation of their web applications does not depend on TLS 1.0 being available. You can use websites like How’s My SSL to check the compatibility of your web browsers and other HTTP clients. And if you need help, please don’t hesitate to contact our technical support team.
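
For HTTP clients that are not browsers, the same check can be scripted. The following is an added example, not freistilbox code: it evaluates the JSON report that How’s My SSL returns for the calling client. The endpoint URL, the `tls_version` field name, the function names and the sample responses are assumptions or constructed for illustration, and the default minimum of TLS 1.1 assumes that only TLS 1.0 and older are refused after the cutoff.

```python
import json
import re
import urllib.request

# Assumption: How's My SSL's JSON endpoint, which reports what the caller negotiated.
CHECK_URL = "https://www.howsmyssl.com/a/check"

# Constructed sample responses, trimmed to the two fields used here.
SAMPLE_LEGACY_CLIENT = '{"tls_version": "TLS 1.0", "rating": "Bad"}'
SAMPLE_MODERN_CLIENT = '{"tls_version": "TLS 1.2", "rating": "Probably Okay"}'


def parse_tls_version(label):
    """Turn 'TLS 1.2' into a sortable tuple; any SSL version sorts below TLS."""
    match = re.fullmatch(r"(SSL|TLS)\s*(\d+)\.(\d+)", label.strip())
    if match is None:
        raise ValueError(f"unrecognised protocol label: {label!r}")
    family, major, minor = match.groups()
    return (0 if family == "SSL" else 1, int(major), int(minor))


def survives_cutoff(report_json, minimum="TLS 1.1"):
    """Return (ok, negotiated) for one How's My SSL report.

    The service offers newer versions too, so a client that negotiated
    TLS 1.0 there cannot do better and will be rejected after the cutoff.
    Assumption: only TLS 1.0 and older are refused, so TLS 1.1 still passes.
    """
    negotiated = json.loads(report_json)["tls_version"]
    return parse_tls_version(negotiated) >= parse_tls_version(minimum), negotiated


def fetch_report(url=CHECK_URL, timeout=10):
    """Fetch a live report. This tests Python's own TLS stack, nothing else."""
    with urllib.request.urlopen(url, timeout=timeout) as response:
        return response.read().decode("utf-8")


if __name__ == "__main__":
    for name, report in [("legacy sample", SAMPLE_LEGACY_CLIENT),
                         ("modern sample", SAMPLE_MODERN_CLIENT)]:
        ok, negotiated = survives_cutoff(report)
        print(f"{name}: negotiated {negotiated} -> {'OK' if ok else 'will break'}")
```

The result only describes the client that made the request, so fetch the report with the HTTP client your application actually uses and pass the response body to `survives_cutoff`.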