*** As part of Nixle’s continuous improvements, the security configurations will be improved to protect user data. Nixle will restrict the usage of any TLS version below 1.2 starting June 12. ***
Question
What is Transport Layer Security (TLS), and what versions of TLS will Nixle support?
Answer
Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. It is widely deployed to secure or encrypt the communication between web applications and servers, such as web browsers loading a website and other applications for communications such as email, messaging, and voice over IP (VoIP). The most recent version is TLS 1.3, which was published in 2018.
How does TLS affect web application performance?
The latest versions of TLS hardly impact web application performance at all. The improvements like TLS False Start and TLS Session Resumption have helped to make TLS a very fast protocol that should not noticeably affect load times. As for the computational costs associated with TLS, they are mostly negligible by today’s standards.TLS 1.3 has made TLS even faster. TLS handshakes in TLS 1.3 only require one round trip (or back-and-forth communication) instead of two, shortening the process by a few milliseconds. When the user has connected to a website before, the TLS handshake has zero round trips, speeding it up still further.
Currently Nixle supports TLS 1.2 and TLS 1.3.
Starting on June 12, 2023, the list of TLS 1.2 ciphers supported by Nixle will be:
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
Starting on June 12, 2023, the list of TLS 1.3 ciphers supported by Nixle will be:
- AES_128_GCM_SHA256
- AES_256_GCM_SHA384
- CHACHA20_POLY1305_SHA256
What does this mean to you?
With the use of stronger encryption protocols and algorithms, we no longer officially support TLS 1.1 and certain weak ciphers in TLS 1.2 in any of our applications. If you continue to use browsers that do not support the strong TLS 1.2 and 1.3 ciphers listed above, some new and/or existing features and functionality may no longer work or the site may not load for them and be entirely inaccessible to them. Defects or performance issues that appear only when using TLS 1.1 or weaker unsupported ciphers in TLS 1.2 will not be investigated or fixed.
Impacted Nixle domains
- local.nixle.com
- sms.nixle.com
- nixle.com
- nixle.es
- www.nixle.us
- agency.nixle.com
- rss.nixle.com
- mms.nixle.com
- mo-syniverse.nixle.com
- local.api.nixle.com
What action do you need to take?
Nixle is taking every step to ensure that the supported browsers (i.e., Google Chrome, Mozilla Firefox, Internet Explorer 11+, Edge) will continue to work after the June 12, 2023 update. If you use older browser versions that by default do not support the latest encryption protocol, then we recommend that you upgrade to a newer version. For more information on troubleshooting browser issues when using non-supported TLS versions or ciphers, see knowledge article EBS: Troubleshooting Client-Side TLS Error Messages That Can Occur When Using Non-supported TLS Versions or Ciphers in Everbridge Suite
Minimum browser versions that support TLS 1.2
| Browser | TLS 1.2 Supported (Not enabled by default) |
Enabled by Default |
|---|---|---|
| Internet Explorer | Version 8.9.10 | Version 11 |
| Microsoft Edge | All versions | |
| Google Chrome | Version 29 | |
| Mozilla Firefox | Version 23.24.25.26 | Version 27 |
| Apple Safari | Version 7 |
How to check the current TLS version supported by your browser and how to upgrade to a newer TLS version
To enable TLS 1.2 protocols on web browsers, click on one of the links below:
Microsoft Internet Explorer and Microsoft Edge
- Open Internet Explorer
- From the menu bar, select Tools > Internet Options > Advanced tab
- Scroll down to the Security category and manually check the option for Use TLS 1.2
- Click OK
- Close your browser and restart Internet Explorer
Google Chrome
Connections are automatically negotiated at the highest grade in Google Chrome. This means if a client is using Google Chrome version 29 or greater, then TLS 1.2 will be automatically enabled in their browser.
Mozilla Firefox
- Open Mozilla Firefox
- In the address bar, type about:config and press Enter
- In the search field, enter security.tls. Find and double-click the entry for security.tls.version.max
- Set the integer value to 4 to force a maximum protocol of TLS 1.3
- Click OK
- Close your browser and restart Mozilla Firefox
Apple Safari
There are no options for enabling TLS protocols. If you are using Safari version 7 or greater, TLS 1.2 is automatically enabled.
Comments
0 commentsArticle is closed for comments.