On November 27th 2018, we deprecated wide support for TLS 1.0 and TLS 1.1 on the TwentyThree platform. The follows similar deprecations of older encryption standards, ciphers and methods in years prior—and is part of an ongoing effort to optimize security and protect user data. This change was first announced in April 2018.

TLS and SSL are encryption protocols that form the basis for HTTPS traffic on the internet. To work, both servers and clients must support and enable these protocol and over time upgrading has been required as significant security vulnerabilities were been discovered in older methods. The TLS 1.0 protocol was created in 1999 and slightly updated in 2006. Since the summer of 2018, the TLS 1.0 method is no longer accepted by the industry's widely accepted PCI standard, and use of TLS 1.1 is strongly discouraged by the same recommendation. Similarly, the IETF is formally deprecating both versions 1.0 and 1.1.

Going ahead the TwentyThree platform supports HTTPS and HTTP/2 traffic over TLS 1.2, a standard from 2008, which is widely supported by all modern browsers and programming languages. Some server-side libraries may need to be updated to communicate through TLS 1.2 (see for example this guidance on PHP, TLS 1.2 and PCI).

If you have any questions in regard to these changes, feel free to reach out to TwentyThree Support.