Transport Layer Security (TLS) is commonly used to secure the delivery of data across the internet and prevent the potential for that data to be hijacked, reviewed, and/or altered. It’s the evolution of Secure Socket Layers (SSL) and is technically the successor to SSL. As with any internet technology, TLS has evolved in the last 30 years, with TLS 1.2 being the current specification, and 1.3 currently in development.
Way back in 2019 let customers know that TLS 1.0 and 1.1 had been retired, and how companies like Microsoft, Google, and Apple, as well as financial and governmental institutions were removing support for these deprecated encryption methods. As a company, we also took steps to eliminate support for TLS 1.0 and 1.1 across our products, websites, servers, and infrastructure. We did this in order accommodate the various compliance requirements of our customers, regardless of their industry.
Thankfully, we understood that legacy TLS methods were going away, so we implemented TLS 1.2 support way back in 2015 for the following products and versions:
- SmarterMail 14.2
- SmarterTrack 11.5
- SmarterStats 11.0
We’re now at the point where we need to completely remove support for TLS 1.0 and 1.1. The last place we still support these encryption methods is for product activations. We’ve kept support for 1.0 and 1.1 because we know that not all our customers are able to keep their own systems updated and secured. However, there are so many security implications with continuing to support deprecated encryption methods that we must act.
Therefore, beginning March 1, 2024, we will no longer support TLS 1.0 or 1.1 on our activation servers.
What Does This Mean for You
If you are running a recent version of our products, you will see ZERO impact. You will still be able to automatically activate your products just as you always have.
If you are running any SmarterTools product EARLIER than the ones listed above, you will need to contact us for a manual activation if you move your installation to a new server or need to reactivate. You can still activate a legacy SmarterTools product, you will just need to contact our sales or support department first – you will not be able to automatically activate.
It’s crucial that system administrators keep any system they manage and maintain updated and secured. With regards to something like continuing to use TLS 1.0 and 1.1, this can cause issues for a company, especially in industries that have compliance schedules and security scans. For example, PCI compliance is important for any website that processes credit card payments as PCI compliance helps protect payment data. Insecure systems can fail, which impacts a website’s ability to process credit cards, directly impacting a business’s finances. Additionally, if a company has cyber liability insurance, underwriters of these policies are using third parties to scan domains and IP addresses looking for vulnerabilities. If found, it can prevent either the issuance of a cyber liability policy or its renewal, opening up a business to a significant financial impact if an issue occurs.
Ending support for TLS 1.0 and 1.1. is just another example of why it’s critical for you to keep Maintenance and Support active and to keep every piece of software you use updated and secured. If you are running legacy versions of ANY SmarterTools product, we strongly advise you to contact our sales team and find out what you need to do to upgrade to the latest version of SmarterMail, SmarterTrack, or SmarterStats.
Remember, the internet is constantly changing. New threats and new vulnerabilities are found constantly. A good amount of our time is spent staying on top of these threats and vulnerabilities so we can improve our products and introduce new ways to keep you and your users protected. Whenever possible, we’ll keep you updated and informed as well.