Changes to TLS and cipher suites effective May 2017

As part of our ongoing mission to improve security on our hosting platforms here at GreenGeeks, we’ve made some changes to encryption and security technologies that we support for sites which use SSL certificates (aka HTTPS). These changes include both SSL’s purchased through GreenGeeks and 3rd party SSL certificates installed on hosting accounts.

Information about this Update

As of May st 2017, all websites hosted on GreenGeeks hosting platform that use SSL certiciates (HTTPS) will no longer support TLS 1.0, 1.1 along with SSL 1, 2 and 3.  In addition to this, we are no longer supporting legacy ciphers that are considered insecure. As a result, we will only support TLS 1.2 based communication.

Part of our promise to GreenGeeks customers is that we keep servers and software up-to-date and secure. Older security versions and cipher suites are vulnerable to security exploits. As a result of the changes, we can now support PCI-compliance. We have decided to follow best practices for the industry and intend to do so moving forward.

How does this change affect you and your websites

This upgrade was automatic, and therefore GreenGeeks customers will not to do anything differently or make any changes to their websites or accounts. So long as your website visitors are using fairly modern browsers, the change will not be noticeable.

This means that the majority of your websites visitors will not notice any difference in their browsing. A very small number of Internet users still use browsers that are outdated — and in reality should upgrade as soon as possible to avoid many other issues anyway.

Here are the browsers that fully support TLS 1.2:

Google Chrome 30+, Internet Explorer on Windows 7 or higher, All versions of MS Edge, Firefox 27 or higher, Safari on both Mac and iOS, Android’s built-in browser & Android Chome

and the cipher suites:

ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256

If you have any questions about these changes, do not hesitate to get in touch with our customer support.

Leave a Reply