The PCI Security Standards Council has recommended that outdated, insecure protocols on HTTPS connections be discontinued in favor of TLS 1.2. This recommendation becomes a requirement on June 30, 2018.
In order to maintain PCI DSS compliance, Smartling will be removing support for TLS 1.0 and TLS 1.1. A small percentage of our customers’ overall Global Delivery Network traffic—approximately 2%—may be affected by this change.
What is TLS?
TLS (Transport Layer Security) is more commonly referred to as SSL (Secure Sockets Layer) and encrypts a channel between host and client to provide a secure and private connection. TLS 1.0 was first introduced in 1999, followed by TLS 1.1 in 2006. These protocols are now outdated and vulnerable to attack, and should be replaced with the newer TLS 1.2 standard.
Smartling follows industry best practices and PCI requirements. All of our Global Delivery Network (GDN) customers' termination points on the Smartling side fall within the scope of our PCI certification, and we have always promptly updated the SSL/TLS stack on our load balancers to avoid security issues.
How will this affect us?
Unfortunately, deprecating TLS 1.0 and TLS 1.1 means that some end users with outdated browsers and applications will not be able to connect to websites over HTTPS. The change will not affect any modern browser.
This upgrade is necessary to maintain the integrity of our customers’ data and to address vulnerabilities in earlier versions of TLS. Going forward, any clients communicating with Smartling’s GDN or API must be able to negotiate a connection using TLS 1.2.
How do I upgrade?
Smartling's deprecation of TLS 1.0 and 1.1 will proceed on the following timeline:
- From November 7, 2016
  - All new GDN load balancers will default to using TLS 1.2.
  - Existing clients will have a choice to either opt in and make the immediate switch to a TLS 1.2-only configuration, or opt out and keep the insecure configuration for as long as possible.
  - We will start contacting API customers and advising them on how to update their applications to use TLS 1.2 to connect to our API.
- From February 6, 2017
  - All GDN clients who did not explicitly opt out will be migrated to a TLS 1.2-only configuration.
  - Clients who opt out will be taken out of Smartling's PCI scope. This is a formal change; there will be no changes in service.
  - API, dashboard and other Smartling endpoints will only accept TLS 1.2 requests.
- From June 30, 2018
  - All HTTPS endpoints will support only TLS 1.2.