Skip to main content Skip to navigation

Disabled TLS 1.0 and 1.1 for Warwick web applications

We have disabled TLS 1.0 and 1.1 encryption protocols across the University's web services. Doing so prevents these protocols from being used to access Warwick websites via an insecure web browser or application. We made this change to keep the University's sites safe and secure.

When does this happen?

Date Action
23 May 2017 Customers making an online payment can only do so using a browser that supports TLS 1.2.
3 July 2017 We disabled TLS 1.0 connections to our transaction tracking system onlinepayment.warwick.ac.uk
8 August 2017 We disabled TLS 1.0 connections to Single Sign-on and our identity provider. It's no longer possible to sign in to web services using a browser that only supports TLS 1.0.
5 March 2018
We disabled TLS 1.0 connections to all other web services.
25 June 2018 We disabled TLS 1.0 and 1.1 connections to all web services. Only TLS 1.2 connections are accepted.

What do I need to do?

When accessing websites using a web browser, ensure you use the latest available version of the browser – whether that is Internet Explorer, Google Chrome, Mozilla Firefox, Safari or another browser. Using the newest version keeps you safe online because they have current security settings.

For advice on how this change might impact you and recommended actions to take, refer to the following pages:

Why make this change?

Although TLS 1.0, when configured correctly, has no known security vulnerabilities, newer protocols are designed better to address the potential for new vulnerabilities.

The PCI Data Security Standard 3.1 recommends disabling “early TLS”:

“SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016 [without a mitigation strategy for disabling it before June 2018].

[...]

The best response is to disable SSL entirely and migrate to a more modern encryption protocol, which at the time of publication is a minimum of TLS v1.1, although entities are strongly encouraged to consider TLS v1.2.”

We need to be PCI-compliant to take online payments at the University. It is not sufficient to merely disable TLS 1.0 on our transaction tracking system as the requirement extends to any system that initiates a payment, including car parking, printer credits, the Warwick website, and so on.

For the best experience using our applications, we recommend that you use the latest version of one of the following browsers:

Google Chrome

Google Chrome

Mozilla Firefox

Mozilla Firefox

Internet Explorer

Internet Explorer 11

Edge

Edge

Opera

Opera

Safari

Apple Safari for Mac (Safari on Windows is not supported)