2014 SSL Security & Changes

The year 2014 has kept us on our toes. It kicked off with the Heartbleed Bug, which we thought was the largest site security bug in history. Since then, we have seen numerous other issues arrise in the web technologies we have been using for decades.

IdeaBank ensures the sites we create are always up-to-date. We have a combination of automated critical updates on our servers, security alerts, and scheduled maintenance. These behind-the-scenes events often go unnoticed, but there are a couple upcoming changes, which may have an effect on your site.

SSL Updates and the End of XP Support

As you may know, Windows XP is no longer being supported by Microsoft. Shortly after it's end of life, a few major security flaws were found, which will not be patched. While we generally will accommodate certain requests for older browser support, we can no longer provide support for Windows XP environments. The main reason for this decision is server security standards.

The release of the POODLE vulnerability, and the deprecation of SSLv3, has resulted in older browsers not having the capability to process the newer TLS standards. This is vulnerability came at the time of another major change, which is the requirement of 256-bit SSL encryption.

256-bit SHA-2 SSL encryption is a higher standard of SSL, which is not supported in older browsers. Google and Microsoft both announced they will start flagging sites using the old SHA-1 128-bit encryption as insecure.

How This Affects You

You probably won't notice anything at all. These changes are already taking place, and you will be running on the same standards as most all other websites. IdeaBank will keep monitoring your site's security, and inform you of any additional changes in browser support. You should not really see any major effects on your visitors, as XP usage is rapidly declining since it's deprecation.