The PCI Council on June 30, 2018, suggested that all websites will migrate from TLS 1.0 to TLS 1.1 or higher. You have probably been getting these notices for years if you have a payment gateway integrated with your website but the difference is that now it looks like the date June 30, 2018, is going to stick and not be pushed off. Although websites are upgrading, there are still some really old legacy browsers that won’t load if you are running TLS 1.1 or higher as it is a very small fraction of your web traffic. The question which arises is that will Google have problems in ranking, indexing and crawling websites using TLS 1.0 to TLS 1.1 or higher. The answer to this question is not as said by John Mueller in his tweet. He said that Google should be able to crawl it without an issue and in fact, it was covered in 2015 that Google Bot back then supported TLS 1.2 and most websites are simply going from TLS 1.0 to TLS 1.1 and not TLS 1.2. If you don’t update your via Search Console you might lose your PCI compliance but it won’t have an impact on your rankings.
TLS 1.1 provide much better protection as compared to 1.0. The changes in TLS include premature closing of the session would no longer cause it to be non-resumable, IANA registries were defined for protocol parameters, changing the way of padded errors were handled to better protect against CBC attacks, replacement of Implicit Initialization Vector (IV) with explicit 4 to add protection against Cipher Block Chaining (CBC). Whereas TLS 1.2 provide greater flexibility than 1.1 and included changes such as replacement of the MD5/SHA-1 combination in the digitally-signed element with a single hash and also improving the specifying ability of both the client’s and server regarding which hash to choose and accept, authenticated encryption for alternative data modes as an additional support, requirements for various guidelines were tightened, TLS extension definitions and support for AES cipher suites were also included in this update, SHA-256 which optionally provided the use of cipher-suite-specified PRFs were combined with pseudorandom function (PRF). Many websites are still running older versions to secure their data despite the major updates to TLS and thus putting their users at a risk. TLS 1.3 can provide even more in terms of security of user data but upgrading to TLS 1.2 is a must. It’s necessary to optimize your website according to TLS 1.1 & TLS 1.2 to rank your website higher in the search engine. To rank and look better on Google, avail the services of Best SEO Company in India.
Many users browse the web on legacy browsers which do not support the newest version of TLS and thus this arises is the need to update your TLS version. The only difference on updating to 1.2 and 1.3 version is that on updating the 1.2 TLS you will exclude a small portion of your user base and on updating the 1.3 TLS you will exclude even more of your user base from being able to access your website but the improvements in speed and security may be worth the trade-off. You must ensure that your server supports TLS 1.1 and 1.2 in the next few weeks if you use PayPal or Braintree with your e-commerce store. PayPal and Braintree will be requiring TLS 1.2 by June 30, 2018, and disabling all older protocols (TLS 1.0 and TLS 1.1, SSL v3). Your immediate concern is probably to ensure that your website doesn’t break when your payment processor while supporting the older protocols like Braintree, PayPal, Authorize.Net, etc. The new protocols in place which are already installed in each payment provider’s sandbox environment can be used to verify compliance.
If you accept SSLv3 or TLS 1.0 connections beyond June 2018, your own website needs to be compatible for a longer term but your site will not support Scanning Vendor (ASV) scan TLS 1.1 and 1.2 are not supported by default on Internet Explorer 10 or below and this is one of the primary reasons to delay. On some operating systems IE 8-10 are capable of supporting TLS 1.1 and 1.2 but the features must be manually made. Any users whose browsers do not support the new protocols will be unable to access “HTTP://” pages on your website if they turn on TLS1.0 on their server. Usage of those older versions is quickly dwindling and becoming less of concern. So in the end, it is concluded that you may not be able to process payments if your server does not support TLS 1.2 by June 30, 2018, and if your server still accepts TLS 1.0 on June 30, 2018, then you will not be PCI-compliant. Web security is constantly improving and evolving and thus keeping up to date is not only a necessary step for maintaining PCI compliance but also an important responsibility for any e-commerce store.
Contact us to work with a results-driven digital marketing agency