Know why TLS upgrade is crucial

Know why TLS upgrade is crucial

Why TLS upgrade

The upgrade to TLS 1.2 or higher marks a ground breaking progress on current security policy representing a major departure from the TLS and secure encryption socket layer (SSL) protocols. So the answer to, why TLS upgrade is crucial that updated version has been approved by the Internet Technology Task Force (IETF) to avoid the taking of bugs and flaws in other existing cryptography models. The TLS update offers a number of advantages including fast protocol streaming, secure primitives and enhanced speed and efficiency.

It’s been a priority for several e-commerce and Digital organisations being able to provide secure data storage and transmit information over the Internet without intrusion, modification and unauthorised use or downloading by anyone outside the intended recipient. Such issues have contributed to changes to many Internet security protocols.

What is TLS?


TLS
is an acronym for transport layer security that refers to crypto-graphical protocols that provide secure communication over the Internet. For connectivity over a network computer, TLS simplifies data security and privacy. TLS has been built from SSL and is often sparingly used with TLS.
The hypertext transfer protocol secure (HTTPS) is a TLS crypting program that is built on top of the HTTP protocol on each web site and certain web services. The security encryption protocol for transport layer helps secure web applications, including DDoS attacks and data violations, from potential risks.

What if I don’t switch to TLS 1.2 or higher?

Not upgrading to latest TLS is that, you are placing the customers data at risk. The effects of not being a PCI complainant and experiencing a data breach can include penalties and the ability to process credit card transactions can be revoked.

Then, after a stipulated period, website services that needs to run TLS 1.2 or higher, the sites will be non-functional, hence affecting work, payment processing, shipping rates or other real-time data if TLS 1.2 is not implemented.

How can I tell if my site is SECURED?

You are mostly covered when using a host solution for your eCommerce site. But if you use a third party for a custom-built solution, then your security must be checked with the hosting provider of that solution if it is prone to vulnerability.

What Next ?

TLS 1.0 and TLS 1.1 protocols will be removed from browsers at the beginning of 2020. As there are no fixes or patches that can adequately fix SSL or deprecated TLS, it is critically important that organizations upgrade to a secure alternative as soon as possible.

Various Browser clients have provided approximate deadlines for disabling TLS 1.0 and TLS 1.1 protocol:

Browser Name Date
Microsoft IE and Edge First half of 2020
Mozilla Firefox March 2020
Safari / Webkit March 2020
Google Chrome January 2020

Best practices outlined in RFC-7525 give reasons why it is discouraged to use protocol TLS 1.0 and TLS 1.1. PCI-DSS recommends users to switch from protocol TLS 1.0 and adopt protocol TLS 1.2+.

Following table shows for each browser the percentage of connections made to SSL/TLS servers using protocol TLS 1.0 and TLS 1.1:

Browser/Client Name Percentage (%) – Both TLS 1.1 and TLS 1.0
Microsoft IE and Edge 0.72%
Mozilla Firefox 1.2%
Safari/Webkit 0.36%
Google Chrome 0.5%
SSL Pulse November 2018 5.84%


SSL Labs Grade Change

To encourage users to migrate to protocol TLS 1.2+ and remove protocol TLS 1.1 and TLS 1.0 from servers, SSL Labs will lower the grade for SSL/TLS servers which use TLS 1.1 and TLS 1.0.

TLS 1.0 Grade change date:

  • A warning will be displayed for downgrading to grade “B” by end of September 2019
  • Grade will be changed to “B” by end of January 2020

TLS 1.1 Grade change date:

  • In Configuration->Protocols section “TLS 1.1” text color will be changed to Orange by end of November 2018
  • A warning will be displayed for downgrading to grade “B” by end of September 2019
  • Grade will be changed to “B” by end of January 2020

Existing Grades Sample

Server Configuration Grade
TLS 1.2, TLS 1.1, TLS 1.0 + HSTS + No Warning + TLS_FALLBACK_SCSV A+
TLS 1.2, TLS 1.1, TLS 1.0 + HSTS + No Warning + No support for TLS_FALLBACK_SCSV A
TLS 1.2, TLS 1.1, TLS 1.0 + HSTS + Warnings + No support for TLS_FALLBACK_SCSV A-


Future Grades Sample

Server Configuration Grade
TLS 1.2, TLS 1.1, TLS 1.0 + HSTS + No Warning + TLS_FALLBACK_SCSV B
TLS 1.2, TLS 1.1, TLS 1.0 + HSTS + No Warning + No support for TLS_FALLBACK_SCSV B
TLS 1.2, TLS 1.1, TLS 1.0 + HSTS + Warnings + No support for TLS_FALLBACK_SCSV B
TLS 1.2 + HSTS + No Warning + TLS_FALLBACK_SCSV A+
TLS 1.2 + HSTS + No Warning + No support for TLS_FALLBACK_SCSV A
TLS 1.2 + HSTS + Warnings + No support for TLS_FALLBACK_SCSV A-

 

References

Get Sysfore Cloud Managed Services For Your Enterprise

Sysfore, A Microsoft Cloud solution provider and a Gold Partner, uses leading network, technology, and service expertise to deliver our service anytime, virtually anywhere, quickly and efficiently. We have helped over 80 small enterprises and 30 mid-sized enterprises across the globe for a successful cloud migration in the past 8 years. Contact one of our experts today and we will help you find the perfect solution for your business. Write to us at info@sysfore.com or give us a call at +91 (80) 4110 5555.

 

Achieving Application Portability with PaaS

Today, Platform-as-a-Service (PaaS) is increasingly gaining popularity as a Public Cloud offering compared to Infrastructure-as-a-Service (IaaS) because of its simple operations and lower costs. These days, most PaaS customers get locked-in because of the specialized OS or middleware features but for the customers looking for flexibility in working across multiple Cloud platforms and providers, a portable PaaS environment is a feasible choice.

Before we see how organizations can implement a portable PaaS model, let’s first see the primary reasons behind the adoption of PaaS services:

  • Lesser costs of licensing and supporting because of the pre-installed OS and middleware.
  • Streamlined Hybrid Cloud deployment with standardized application services.
  • Improved application performance and functionality by creating a PaaS environment within the IaaS Cloud using the available web services.

How a portable PaaS model fairs across these three areas and how it moves within the various cloud and private environments is important but a single PaaS approach might not be enough to address this. Thus, enterprises need to prioritize their PaaS goals and combine different options to create the desired PaaS environment.

 

Here are the top 4 ways to achieve a Portable PaaS model:

Adopt Container Technology for Application Hosting: The container architectures share the Operating System, but the middleware and file system elements can be copied to each container to standardize the middleware across container images. This allows the creation of specialized container images for the application and the component which can then be moved across environments to be run on any container system hosted in Cloud or the Data Center. Read more

Sysfore Case Study – SAP on Microsoft Azure

This case study is on a  global technology consulting firm, focused on leveraging emerging technologies for innovation and application modernization in Banking & Finance, Utilities, CPG, Retail, Technology, Media and Entertainment Industries. It partners with companies to identify new technology strategies to help businesses transform, in order to advance performance and competitiveness. They have over 100 clients globally.

Scenario:

A Global Technology Consulting firm used Microsoft Azure to migrate their existing SAP workload to the cloud, offering them redundancy, flexibility and scalability.

Business Needs:

The client’s internal and external training programs and demos use SAP IDES (Internet Demonstration & Evaluation System), which are demo systems running SAP modules and applications for training purposes. Accessing these internal training programs across different global locations posed hurdles in connectivity as their standalone SAP servers were unreachable and lacked redundancy/fault tolerance. Implementing SAP on-premise brought additional challenges like delays, security, scalability and capacity planning.
Read more