Early TLS deprecation

Since before PCI DSS 3.2 was published, Section has provided delivery infrastructure with early TLS protocol versions disabled to allow customers to adopt the PCI requirements ahead of the June 2018 deadline. For many other customers, though, disabling early TLS would have prevented too many visitors from accessing their websites or completing transactions on them.

In the past 18 months, the usage of TLS 1.0 and 1.1 has declined, partly due to browsers and operating systems being updated to prefer modern TLS, and partly due to pressure to abandon older devices and operating systems as popular sites have stopped supporting these older TLS versions.

As 30th June 2018 approaches, Section will be adopting the PCI TLS protocol recommendations for all delivery infrastructure platform-wide, thereby discontinuing TLS 1.0 and 1.1 for all sites.

If you’re concerned about the impact this will have on your site, you can see which requests are using early TLS via the “tls_protocol” field in the Section edge access logs. If you have systems that are dependent upon TLS 1.0 or 1.1, please contact us for advice about alternative options.

At the time of writing, TLS 1.0 usage represents less than 1% of all requests through the Section platform and the vast majority of that traffic appears to come from automated bots, not real users. TLS 1.1 usage is negligible.
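One way to measure this for your own site before the cutoff is to tally the “tls_protocol” field across your access logs and list the clients still negotiating TLS 1.0 or 1.1. The script below is an added example, not Section's own tooling. It assumes the logs are exported as one JSON object per line; the `http_user_agent` field name, the protocol spellings and every sample value are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Assumed spellings of the early protocol versions, after normalisation.
EARLY = {"tlsv1", "tlsv1.0", "tlsv1.1"}

# Constructed sample. Only "tls_protocol" is named on the page; the other
# field name and all values are assumptions. One line is deliberately broken.
SAMPLE_LOG = """\
{"tls_protocol": "TLSv1.2", "http_user_agent": "Mozilla/5.0 Chrome/66.0"}
{"tls_protocol": "TLSv1.2", "http_user_agent": "Mozilla/5.0 Firefox/60.0"}
{"tls_protocol": "TLSv1", "http_user_agent": "ExampleBot/1.0 (constructed)"}
{"tls_protocol": "TLSv1", "http_user_agent": "ExampleBot/1.0 (constructed)"}
{"tls_protocol": "TLS 1.1", "http_user_agent": "Mozilla/5.0 (Android 4.3)"}
{"tls_protocol": "TLSv1.2", "http_user_agent": "Mozilla/5.0 Safari/604.1"}
{"tls_protocol": "TLSv1.2", "http_user_agent": "Mozilla/5.0 Chrome/66.0"}
{"tls_protocol": "", "http_user_agent": "curl/7.58.0"}
truncated line {"tls_protocol":
"""

def normalise(proto):
    """Fold spellings such as 'TLS 1.0' and 'TLSv1.0' into one form."""
    return str(proto or "").lower().replace(" ", "").replace("tls1", "tlsv1")

def early_tls_report(lines):
    """Count requests per protocol and the user agents seen on early TLS."""
    total = skipped = 0
    by_proto, early_agents = Counter(), Counter()
    for line in lines:
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            proto = normalise(rec.get("tls_protocol"))
        except (ValueError, AttributeError):
            skipped += 1  # malformed or non-object line: count it, keep going
            continue
        total += 1
        by_proto[proto or "(none)"] += 1
        if proto in EARLY:
            early_agents[rec.get("http_user_agent") or "(no user agent)"] += 1
    early = sum(early_agents.values())
    return {"total": total, "skipped": skipped, "early": early,
            "early_pct": round(100.0 * early / total, 2) if total else 0.0,
            "by_protocol": dict(by_proto),
            "top_early_agents": early_agents.most_common(5)}

if __name__ == "__main__":
    print(json.dumps(early_tls_report(SAMPLE_LOG.splitlines()), indent=2))
```

The user-agent breakdown is what separates automated clients from real visitors who would be cut off, so review that list rather than the percentage alone.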
