Last year, we announced our deprecation plan for TLS 1.0 and 1.1 with a timeline that was driven by the PCI DSS v3.1 standard. Since our original post, the PCI Security Standards Council has updated their guidance and now will not require full deprecation of TLS 1.0 and 1.1 until June 30th, 2018. Because approximately 14% of the TLS traffic on the Fastly network runs on protocols that would be affected by this change, we are revising our deprecation schedule to institute a phased approach and to give our customers more control over the TLS protocols supported within their environments. This will help ensure your ongoing security and that of your customers.
Here is our revised schedule for deprecating TLS 1.0 and 1.1:
- By June 30, 2016, we will provide a way for customers who wish to enforce stricter security standards to migrate to hosts that only allow the use of TLS 1.2 for encrypted communication. The Fastly network will default to supporting all versions of the TLS protocol.
- On January 9, 2017, our entire network will default to only allowing TLS 1.2 for encrypted communication; however, we will provide a way for customers who still require TLS 1.0 and 1.1 to migrate to hosts that support it.
- As of January 9, 2017, the Fastly app and API will only support TLS 1.2.
- On June 30, 2018, in accordance with the revised deadline published by the PCI Security Standards Council, we will disable all support for TLS 1.0 and 1.1.
In addition, we will continue to monitor the state of attacks on TLS 1.0 and 1.1 and will adapt our timeline as required to mitigate protocol-level vulnerabilities.
If you have any questions or would like to use TLS protocol options other than those enforced by our network defaults, please contact our team. We’ll keep you updated when the option to use non-default protocols is available.
You may also like:
Introducing Fastly Security Advisories
Today we’re announcing Fastly Security Advisories. Fastly will publish these to address security concerns that either trigger customer interest or require customer action to address.
Introducing the Fastly Security Speaker Series
Today we’re announcing the Fastly Security Speaker Series, an informal event for bringing together researchers and engineers to share research, tools, and ideas. Fastly will bring some of the most innovative and thoughtful security researchers…
Securing online transactions: announcing our plan for TLS 1.0 and 1.1 deprecation
The PCI DSS 3.1 standard has changed. In order to keep you up-to-date and secure online, we’re announcing our plan for TLS 1.0 and 1.1 deprecation.