Keeping Your Provider Connections Secure

The Internet seems to be awash with notifications of security vulnerabilities and leaking of details these days. A lot of these vulnerabilities have been based around the SSL and TLS encryption protocols, which are starting to get a bit long in the tooth now. SSL was first invented in 1994, and TLS in 1999, and as time marches on, the earlier versions of these protocols are slowly but surely being replaced with newer ones.

Product Providers are constantly altering the security requirements on their websites and web services and dropping support for the older protocols, meaning that if your computer does not support the newer protocols and is not configured correctly, you will not be able to use these websites and services, including Contract Enquiry.

Last year, we recommended that users disable the early protocol versions for SSL and TLS, and only use TLS 1.2 as this is really the only secure protocol left in the SSL/TLS family. All others have been compromised. Unfortunately, Product Providers have not been quite so pro-active in either adopting the new versions, or dropping old versions, and this has led to some users being unable to connect to certain Providers.

With this in mind, our latest recommendations are a little bit more pragmatic.

1/ Disable all SSL protocols (SSL 2.0 and SSL 3.0)
     SSL is now deemed to be an insecure protocol, and can be easily compromised. Whilst a few platforms and providers still support SSL, they all support newer protocols, so there is no requirement to use these ever again.

internet options tls

2/ Enable all TLS protocols (TLS 1.0, TLS 1.1 and TLS 1.2)
    TLS 1.2 is the only remaining secure protocol, however there are a number of providers and plaforms that have still not adopted either TLS 1.1 or TLS 1.2. Therefore, to ensure that you can still connect to all providers and platforms you will need to be able to use all three of these protocols.

By having all three TLS protocols enabled, your computer will always attempt to connect using the latest and greatest, and downgrade only as required based on the remote server.

The above settings can easily be located in Windows 10 by clicking on the Windows "Start" button and typing "Internet Options". Once you open Internet Options, click on the "Advanced" tab and scroll all the way down to the bottom of the settings list. Simply select/de-select the boxes mentioned above and then click the 'Apply' and 'Ok' buttons to save the changes.

If you were experiencing issues with connections before this, you may need to restart JCS and any web browser sessions before trying again.