
Perfect Forward Secrecy is Coming

Scarab Media will entirely deprecate both SSL (Secure Sockets Layer) and RC4 (Rivest Cipher 4) on all hosted services by August 11th, 2015, which will prevent potentially insecure connections used by many legacy Operating Systems, Browsers, and Email Clients. On this date all of our services will only accept TLS (Transport Layer Security) using DHE (Diffie-Hellman Exchange) and ECDHE (Elliptic-Curve Diffie-Hellman Exchange) ciphers to ensure Perfect Forward Secrecy.

Perfect Forward Secrecy negotiates a connection between you and our servers using strong ephemeral encryption, providing better security and privacy from third parties that may intercept, monitor, record, or hijack your connection. Even if your encrypted connection is intercepted, your data is protected from prying eyes both now and long into the future, even if the secret keys to your session are compromised.

What this means for you is that you (or your eCommerce customers) may not be able to make a secure connection if using outdated software. Below is a list of minimum Operating Systems, Browsers, and Email Client versions that support Perfect Forward Secrecy:

Operating Systems

Mac OS X 10.8.5 or higher (“Mavericks” or “Yosemite” recommended)
iOS 3.0 or higher (6.0.1+ recommended)
Android 2.3 or higher (4.0.4+ recommended)
Windows Phone 7.0 or higher
Windows Vista or higher

Web Browsers

Apple Safari 6 or higher
Google Chrome 42 or higher
Mozilla Firefox 31 or higher
Internet Explorer 8 or higher (IE 11 recommended)

Email Clients

Mac Mail on OS X 10.8.5 or higher
Mozilla Thunderbird 1.5 or higher
Outlook 2007 or higher (Outlook 2003 will still work but will not be able to verify SHA2 signed email)
Blackberry 5.0+

To test if your Browser and Operating System are compatible, you can use the following resources:

Qualys SSL Labs (SSL/TLS Browser Test)
How’s My SSL?
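
The policy announced above (TLS only, no RC4, DHE or ECDHE key exchange) can also be checked from a script. The following is an added example, not Scarab Media's code; the function names are hypothetical, suite names are assumed to be in OpenSSL style, and the sample pairs are constructed.

```python
import socket
import ssl

# OpenSSL-style name prefixes for authenticated ephemeral key exchange.
# "EDH-" is the older OpenSSL spelling of "DHE-".
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")

def meets_policy(protocol, cipher):
    """Return (ok, reason) for one negotiated protocol/cipher pair."""
    if not protocol.startswith("TLS"):
        return False, "SSL protocol, not TLS"
    if "RC4" in cipher.upper():
        return False, "RC4 cipher"
    if protocol == "TLSv1.3":
        # TLS 1.3 (newer than the announcement) names no key exchange in the
        # suite; its certificate handshakes always use ephemeral (EC)DHE.
        return True, "TLS 1.3 ephemeral key exchange"
    if cipher.upper().startswith(FS_PREFIXES):
        return True, "ephemeral key exchange"
    return False, "no DHE/ECDHE key exchange"

def check_host(host, port=443, timeout=5.0):
    """Handshake with host and judge what this client actually negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # version() is the negotiated protocol; cipher()[0] is the suite name.
            return meets_policy(tls.version(), tls.cipher()[0])

# Constructed sample pairs (not captured traffic) covering each outcome.
SAMPLES = [
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1", "DHE-RSA-AES256-SHA"),
    ("TLSv1.2", "AES128-SHA"),            # static RSA key exchange
    ("TLSv1", "ECDHE-RSA-RC4-SHA"),       # ephemeral, but RC4
    ("SSLv3", "DHE-RSA-AES128-SHA"),      # ephemeral, but SSL
    ("TLSv1.2", "ECDH-RSA-AES128-SHA"),   # static ECDH, not ephemeral
]

def classify_samples():
    """Map each constructed sample pair to its (ok, reason) verdict."""
    return {pair: meets_policy(*pair) for pair in SAMPLES}

if __name__ == "__main__":
    for (proto, name), (ok, why) in classify_samples().items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {proto:8} {name:30} {why}")
```

check_host() needs network access and is not called by the demo; pass it the hostname of a site you connect to in order to see what your own client negotiates.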

For more information on Perfect Forward Secrecy please refer to the following:

Forward Secrecy
Perfect Forward Secrecy – An Introduction
Pushing for Perfect Forward Secrecy
Why the Web Needs Perfect Forward Secrecy More Than Ever
Protecting Data for the Long Term with Forward Secrecy

Later this year we will be looking at forcing strong encryption on all websites using HTTP Strict Transport Security (HSTS), redirecting all traffic from HTTP to HTTPS just as we already do for eCommerce sites hosted at Scarab Media.
