Perfect Forward Secrecy is Coming
Scarab Media will entirely deprecate both SSL (Secure Sockets Layer) and RC4 (Rivest Cipher 4) on all hosted services by August 11th, 2015, which will prevent the potentially insecure connections used by many legacy Operating Systems, Browsers, and Email Clients. On this date, all of our services will only accept TLS (Transport Layer Security) using DHE (Diffie-Hellman Exchange) and ECDHE (Elliptic-Curve Diffie-Hellman Exchange) ciphers to ensure Perfect Forward Secrecy.
Perfect Forward Secrecy negotiates a connection between you and our servers using strong ephemeral encryption, providing better security and privacy from third parties that may intercept, monitor, record, or hijack your connection. Even if your encrypted connection is intercepted, your data is protected from prying eyes both now and long into the future, even if the secret keys to your session are compromised.
What this means for you is that you (or your eCommerce customers) may not be able to make a secure connection if using outdated software. Below is a list of minimum Operating Systems, Browsers, and Email Client versions that support Perfect Forward Secrecy:
Operating Systems
Mac OS X 10.8.5 or higher (“Mavericks” or “Yosemite” recommended)
iOS 3.0 or higher (6.0.1+ recommended)
Android 2.3 or higher (4.0.4+ recommended)
Windows Phone 7.0 or higher
Windows Vista or higher
Web Browsers
Apple Safari 6 or higher
Google Chrome 42 or higher
Mozilla Firefox 31 or higher
Internet Explorer 8 or higher (IE 11 recommended)
Email Clients
Mac Mail on OS X 10.8.5 or higher
Mozilla Thunderbird 1.5 or higher
Outlook 2007 or higher (Outlook 2003 will still work but will not be able to verify SHA2 signed email)
Blackberry 5.0+
To test whether your Browser and Operating System are compatible, you can use the following resources:
Qualys SSL Labs (SSL/TLS Browser Test)
How’s My SSL?
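A local check of the cipher-suite half of this policy (no RC4, DHE/ECDHE only), as an added example that is not part of the original announcement. It classifies OpenSSL suite names the way the policy above would; the function names are hypothetical and the two client offers are constructed samples.

```python
import ssl

PFS_PREFIXES = ("ECDHE-", "DHE-")  # OpenSSL names for TLS 1.2 and earlier


def rejection_reason(suite):
    """Return why the policy refuses a suite, or None if it is accepted.

    `suite` is shaped like an entry of ssl.SSLContext.get_ciphers().
    """
    name = suite["name"]
    if "RC4" in name:
        return "RC4 cipher"
    # TLS 1.3 names carry no key-exchange field; that version has no
    # static-RSA or static-DH key exchange, so its suites are accepted.
    if suite["protocol"] == "TLSv1.3" or name.startswith(PFS_PREFIXES):
        return None
    return "not a DHE-/ECDHE- suite"


def audit(suites):
    """Split an offer into (accepted names, {rejected name: reason})."""
    accepted, rejected = [], {}
    for suite in suites:
        reason = rejection_reason(suite)
        if reason is None:
            accepted.append(suite["name"])
        else:
            rejected[suite["name"]] = reason
    return accepted, rejected


def can_connect(suites):
    """A handshake needs at least one offered suite the policy accepts."""
    return bool(audit(suites)[0])


# Constructed sample offers. "protocol" is the version a suite was first
# defined for, so "SSLv3" here does not mean the connection uses SSLv3.
LEGACY_CLIENT = [{"name": n, "protocol": "SSLv3"}
                 for n in ("RC4-SHA", "AES128-SHA", "DES-CBC3-SHA")]
MODERN_CLIENT = [{"name": n, "protocol": p} for n, p in (
    ("TLS_AES_128_GCM_SHA256", "TLSv1.3"),
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("DHE-RSA-AES256-SHA", "SSLv3"), ("ECDHE-RSA-RC4-SHA", "TLSv1.0"),
    ("AES128-SHA", "SSLv3"))]

if __name__ == "__main__":  # audit what the local OpenSSL build offers
    print(audit(ssl.create_default_context().get_ciphers()))
```

Run directly, it audits the default offer of the local OpenSSL build; the minimum protocol version is enforced separately from the suite list and is not checked here.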
For more information on Perfect Forward Secrecy please refer to the following:
Forward Secrecy
Perfect Forward Secrecy – An Introduction
Pushing for Perfect Forward Secrecy
Why the Web Needs Perfect Forward Secrecy More Than Ever
Protecting Data for the Long Term with Forward Secrecy
Later this year we will be looking at forcing strong encryption on all websites, called HTTP Strict Transport Security (HSTS), redirecting all traffic from HTTP to HTTPS just as we already do for eCommerce sites hosted at Scarab Media.