Brought to you by

TLS updates – what you need to know about your security

Posted 10 months ago in Platform by Paul Macpherson
Posted by Paul Macpherson

We’re only a month into 2018 and already we’ve seen some major information security challenges with the disclosure of the Meltdown and Spectre microprocessor vulnerabilities.  This highlights once again the importance of keeping our systems up to date to keep them as secure as possible. To maintain the security of Xero, we’ll be ceasing support for older web browsers using TLS 1.0 from 31 May 2018.

What is TLS?

Transport Layer Security (TLS) is a cryptographic protocol that provides secure communications over the Internet. It’s used to secure all communications between Xero and your web browser.  TLS 1.0 has known vulnerabilities and is no longer deemed secure.  

So what does this mean for you?  

If you’re already using a recent web browser version that supports TLS 1.1 or later then there’s nothing for you to do.  But if you’re using an older web browser you should check to make sure it can support TLS 1.1.  TLS 1.2 has been available for a while now and we recommend you upgrade to this latest version if possible.  

Some of the web browsers that are commonly used are listed below (not an exhaustive list).  Check your own systems to verify that they are compatible with TLS 1.1 at a minimum.    

Browser Compatibility
Microsoft Internet Explorer (IE)
Desktop and mobile IE version 11 Compatible with TLS 1.1 or higher by default

If you see the “Stronger security is required” error message, you may need to turn off the TLS 1.0 setting in the Internet Options | Advanced Settings list.

Desktop IE versions 8, 9, and 10 Compatible only when running Windows 7 or newer, but not by default.

Windows Vista, XP and earlier are incompatible and cannot be configured to support TLS 1.1 or TLS 1.2.

Desktop IE versions 7 and below Not compatible with TLS 1.1 or higher encryption.
Mobile IE versions 10 and below Not compatible with TLS 1.1 or higher encryption.
Microsoft Edge Compatible with TLS 1.1 or higher by default.
Mozilla Firefox
Firefox 27 and higher Compatible with TLS 1.1 or higher by default.
Firefox 23 to 26 Compatible, but not by default.

Use about:config to enable TLS 1.1 or TLS 1.2 by updating the security.tls.version.max config value to 2 for TLS 1.1 or 3 for TLS 1.2.

Firefox 22 and below Not compatible with TLS 1.1 or higher encryption.
Google Chrome
Google Chrome 38 and higher Compatible with TLS 1.1 or higher by default.
Google Chrome 22 to 37 Compatible when running on Windows XP SP3, Vista, or newer (desktop), OS X 10.6 (Snow Leopard) or newer (desktop), or Android 2.3 (Gingerbread) or newer (mobile).
Google Chrome 21 and below Not compatible with TLS 1.1 or higher encryption.
Google Android OS Browser
Android 5.0 (Lollipop) and higher Compatible with TLS 1.1 or higher by default.
Android 4.4 (KitKat) to 4.4.4 May be compatible with TLS 1.1 or higher. Some devices with Android 4.4.x may not support TLS 1.1 or higher.
Android 4.3 (Jelly Bean) and below Not compatible with TLS 1.1 or higher encryption.
Apple Safari
Desktop Safari versions 7 and higher for OS X 10.9 (Mavericks) and higher Compatible with TLS 1.1 or higher by default.
Desktop Safari versions 6 and below for OS X 10.8 (Mountain Lion) and below Not compatible with TLS 1.1 or higher encryption.
Mobile Safari versions 5 and higher for iOS 5 and higher Compatible with TLS 1.1 or higher by default.
Mobile Safari for iOS 4 and below Not compatible with TLS 1.1 or higher encryption.

 

Still not sure if your web browser is compatible with TLS 1.1 or TLS 1.2?  Salesforce has created this handy browser check tool where you can check your browser’s compatibility.  Just click on the link and hopefully, you’ll see this message:

If not, you need to upgrade to a compatible browser.

 

3 comments

safari browser download
May 1, 2018 at 3.48 pm

Oh my goodness! Amazing article dude! Thank you so much, However I am going through difficulties with your RSS.
I don’t understand why I cannot subscribe to it. Is there anybody else getting identical RSS problems?
Anybody who knows the answer will you kindly respond?

Thanks!!

Paul Macpherson in reply to safari browser download Xero
May 2, 2018 at 12.04 pm

Hi Judith,

Thanks very much for your kind feedback.

Have you contacted Support about your difficulties with RSS? They’re the best placed to help you – Support.xero.com.

Regards,
Paul

kevin
July 7, 2018 at 1.58 am

my browse pass the deactivation test, however, still has TLS error problem, please advise, is it something wrong with the setting?

Leave a reply

Your email address will not be published. Required fields are marked *