Security Advisory: Channeltivity Dropping TLS 1.0 And 1.1 Support

Starting February 20th, 2017, Channeltivity will begin disabling TLS 1.0 and 1.1. While most users won’t notice, anyone with an old web browser that doesn’t support TLS 1.2 will no longer be able to access Channeltivity.

What is TLS and why are you making this change?

TLS (Transport Layer Security) is a cryptographic protocol that encrypts communications over computer networks. Channeltivity uses TLS to secure connections between your browser and our application. All modern browsers support TLS 1.2, which is the latest and most secure version.

To maintain the highest security standards and promote the safety of customer data, we’re turning off TLS 1.0 and 1.1. This aligns with industry-wide best practices and will prevent man-in-the-middle TLS protocol downgrade attacks, which trick your browser into using old TLS versions even though TLS 1.2 is supported.

What do I need to do?

In most cases, no action is needed, as all modern browsers support TLS 1.2. Any users with unsupported browsers will need to upgrade to a modern browser to use Channeltivity. If you use single sign-on (SSO) or any of the Channeltivity APIs, make sure your systems support TLS 1.2.

Compatible Browsers

The following popular browsers support TLS 1.2 out of the box and work with Channeltivity:

  • Google Chrome
  • Microsoft Edge
  • Microsoft Internet Explorer 11
  • Mozilla Firefox
  • Safari iOS 6 and higher
  • Safari Mac 7 and higher

Incompatible Browsers

These browser do not support TLS 1.2 by default.

  • Microsoft Internet Explorer 10 and earlier
  • Safari Mac 6 and prior

 

If you have any questions or concerns, please submit a support ticket or give us a call at +1 877-226-2564 extension 1.