Good morning all. Apologies for the technical detail below but it is important that
Windows XP and
Windows 7 users read the information below as it will impact access to the forum.
As some will know, we moved to using SSL on the server some months ago which is why you will see a little padlock symbol in your browser navigator bar. There are several variations on the SSL protocol and at the time of implementation, the only one we disallowed was the (hacked) SSLv2.
It is now time that we started to implement some of the more up to date (and secure) protocols and remove the older ones as some of them are vulnerable to attack. To this end, we are planning to remove support for
TLSv1 and
SSL3 effective from the 1st November this year.
The table below, identifies which Microsoft Operating System version have inbuilt support for TLSv1.1 which will be the lowest SSL version supported once we make the change.
As you will see
Windows XP does not have support for TLSv1.1 and this has two potential impacts:
1. People using Internet Explorer 6 will not be able to access AFF; and
2. People using other browsers
may receive errors trying to access the site.
Windows 7 does support TLSv1.1 but
it is not enabled by default and in order to use it the following steps need to be taken
regardless of which browser you normally use.
Launch Internet Explorer and navigate to
Tools -> Internet Options -> Advanced. Under the
Security section, you will see a list of SSL protocols supported by the Operating System and you will notice that a number of them are not ticked. Make sure that they are set as per the screen shot below.
Save the settings and then your normal browser should work fine with AFF post the November change.
To check SSL settings in Google Chrome:
- Click the Chrome menu button.
- Click Settings.
- Click Show advanced settings.
- Click Change proxy settings under the Network section.
- Click the Advanced tab.
- Check or uncheck the options for Use SSL as per the IE screen shot above.
- Close the Settings tab.
To set SSL in Firefox:
In Firefox you can check the minimum and maximum supported versions of TLS as follows:
In a new tab, type or paste
about: config in the address bar and press Enter. Click the button promising to be careful.
In the Search box above the list, type or paste
tls and pause while the list is filtered
To disable SSL3 and require TLS of a late enough version, double-click
security.tls.version.min and enter the desired value:
- 0 = SSL 3.0 okay
- 1 = at least TLS 1.0
- 2 = at least TLS 1.1 **this setting will be required for AFF**
To set the highest version, double-click
security.tls.version.max and enter the desired value:
- 0 = up to SSL 3.0
- 1 = up to TLS 1.0
- 2 = up to TLS 1.1 **at least this**
- 3 = up to TLS 1.2
- 4 = up to TLS 1.3
To set SSL config in Opera
Opera
Opera versions greater than 12 disable SSL3 by default, or alternatively, you may change the configuration of your browser as follows:
- Press Ctrl + F12.
- Click on “Advanced” tab.
- Click on “Security” on the left menu
- Click on “Security protocols”
- Uncheck “Enable SSL 3”
- Click “OK”
There are some other combinations that are known to have problems as they don't fully support the protocols being used. The table below identifies those that we know about and if you have one of those combinations then a browser is all that is required.
Best regards
Russ