What is TLS and SSL?
Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure network communication. The primary goal of TLS is to maintain privacy and data integrity between two communicating computer or mobile applications. Secure Sockets Layer (SSL), a predecessor to TLS, is now considered flawed and insecure (See SSL 3.0 related articles in References section below)
How is TLS used in Work Market?
To access the Work Market site, all companies and workers use a TLS-enabled browser or mobile device. Any partners or integrators who rely on Work Market’s API services also rely on TLS.
What is changing?
Starting in September 2016, Work Market will disable the TLS 1.0 encryption protocol. Once disabled, TLS 1.0 can no longer be used to access the Work Market website or services.
Why are we changing?
In recent years, security researchers found a number of loopholes in the way encryption is handled, and some of the older browsers are known to be exposed to these security issues.
Work Market web and API connections, along with mobile applications and notification services, use TLS as a key component of their security.
Work Market takes great pride in protecting our customers’ data, and maintaining the highest security standards is the best way to provide the protection.
In addition, disabling TLS 1.0 is now a hard requirement for Payment Credit Industry Security Standard 3.1, an industry standard for securing systems used for credit card payments. Although the PCI Security Council extended the deadline of this implementation until June 2018, Work Market believes it is important to protect and guard customer information as soon as possible.
What is the impact?
Users and Companies are not affected by this change if one of the followings browsers are in use:
- Internet Explorer 11
- Google Chrome 40 or higher
- FireFox 34 or higher
- Safari 9 or higher
Workers and Companies need to upgrade or make custom changes to their browsers if one of the followings browsers are in use.
- Internet Explorer 8,9, or 10 (See HOWTO)
For Users and Companies using the following systems, Work Market will no longer be able to support their systems in accordance with Microsoft’s Windows lifecycle fact sheet and Microsoft Support Lifecycle.
- Windows XP, Vista, Server 2008, Server 2003, and earlier.
In the cases you have Windows systems (Windows Server 2012 or above) that are integrated with Work Market via API, you might need to update your code or configuration. Please see the following links for more details:
- .NET Library - SslProtocols Enumeration
- .NET Library - ServicePointManager.SecurityProtocol Property
- StackOverflow - Are there .NET implementation of TLS 1.2?
- This POODLE bites: exploiting the SSL 3.0 fallback (Google Security Blog)
- The POODLE Attack and the End of SSL 3.0 (Mozilla Security Blog)
- Turn Off SSL 3.0 and TLS 1.0 in Your Browser (ssl.com)
- TLS/SSL support history of web browsers (wikipedia.org)
- TLS Web Browsers (wikipedia.org)
- Attacks against TLS/SSL (wikipedia.org)
- Date Change for Migrating from SSL and Early TLS (pcisecuritystandards.org)
- Migrating from SSL and Early TLS (pcisecuritystandards.org)