UPDATE 6/19/2017: In January 2017, we stopped supporting TLS 1.0. Since then, all major payment processors have announced a TLS 1.1 desupport schedule:
- Braintree: 6/30/2017
- PayPal: 6/30/2017
- Authorize.net: 9/18/2017
- WePay: 9/30/2017
Classy will desupport TLS 1.1 on August 1, 2017. This should have a very minimal effect on your organization, since the affected traffic comprises less than 0.06% of traffic to Classy. No action is necessary on your part at this time.
UPDATE 12/10/2016: A reminder to our users: TLS 1.0 will no longer be supported after January 31, 2017. This should not affect your users or operations. Our latest numbers show that unsupported browsers account for a negligible amount of traffic.
UPDATE 6/10/2016: TLS 1.0 retirement deadlines have changed since this post was first published. The PCI Security Standards Council’s deadline requires that TLS 1.0 be remediated by June 2018. We initially targeted this remediation for June 2016; however, we are moving the retirement date to January 2017. There is no action you need to take at this time.
Classy will discontinue TLS 1.0 support in January 2017 (see above update), in keeping with the Payment Card Industry (PCI) Council’s most recent mandate. The PCI Council decides what protocols or technologies keep data safe. We care about you and your supporters, so we need to be proactive about adhering to PCI standards.
TLS 1.0 is a version of the Transport Layer Security protocol, part of a set of approved guidelines that keep data safe across all web-based services. Because new security vulnerabilities are found online every day, the longer a protocol stays available, the less secure the sites that rely on it can become over time. The PCI Council regularly reevaluates the current set of guidelines and establishes new protocols to “re-secure” data. The ever-changing state of the web and its security explains why they’re retiring TLS 1.0 and replacing it with TLS 1.1 and above.
These updates generally affect small groups of people because updates to browsers, applications, and online services tend to address new security concerns. Issues occur when a user tries to access a site from an unsupported (old or out-of-date) browser.
That means our retirement of TLS 1.0 should affect a very small percentage of your donors. We estimate the overall affected group to be less than two percent of all online donors.
If a donor is using an out-of-date or unsupported browser, they won’t be able to access a Classy page or they will see a security warning when trying to access the page. This includes white-labeled pages.
What browsers do not support TLS 1.1 and above?
Most browsers have supported TLS 1.1 and above (TLS 1.1+) for several years.
The following browser versions do not support TLS 1.1+ by default. People using these browser versions (and older) might not be able to access Classy or its related pages:
- Internet Explorer 10
- Google Chrome 29
- Google Android Browser 4.4
- Mozilla Firefox 27
- Safari 8
- iOS 4
Access a full list of the browsers, their version histories, and their TLS support details here.
Is there a way I can make sure I’m prepared for the retirement of TLS 1.0?
We recommend you work with your developers to make sure your environments outside of Classy are PCI compliant.
Do I need to do anything now, or ever?
We recommend that your organization and your supporters use browsers that are TLS 1.1+ compliant and keep them up to date.
Clients can keep an eye on their inbox and notifications within the Classy Application for updates on PCI Compliance and TLS protocols as they become available.
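For developers checking their own environments outside of Classy, the sketch below shows one way to measure what share of a site's traffic still negotiates a retiring TLS version, and which browsers it comes from. It is an added example, not Classy's code and not part of the original post; it assumes an nginx access log in the "combined" format with `$ssl_protocol` appended as the last field, and the function name `legacy_share` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: nginx "combined" log format with $ssl_protocol appended as the
# final field. Captures the quoted User-Agent and the protocol that follows it.
LINE_RE = re.compile(r'"(?P<ua>[^"]*)" (?P<proto>\S+)\s*$')

RETIRED = {"SSLv3", "TLSv1", "TLSv1.1"}  # versions being retired

# Constructed sample lines (documentation IP ranges, made-up requests).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jul/2017:10:00:00 +0000] "GET /donate HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1)" TLSv1
203.0.113.9 - - [01/Jul/2017:10:00:02 +0000] "GET /donate HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 4.4)" TLSv1.1
198.51.100.4 - - [01/Jul/2017:10:00:03 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/59.0" TLSv1.2
198.51.100.5 - - [01/Jul/2017:10:00:04 +0000] "POST /checkout HTTP/1.1" 200 120 "-" "Mozilla/5.0 (Macintosh) Safari/10.1" TLSv1.2
198.51.100.6 - - [01/Jul/2017:10:00:05 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/7.54.0" -
truncated line with no protocol field
""".splitlines()


def legacy_share(lines, retired=RETIRED):
    """Return (share of TLS requests on retired versions, per-version counts,
    user agents seen on retired versions). Plain-HTTP ("-") and unparseable
    lines are left out of the denominator."""
    protos, agents = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["proto"] == "-":
            continue
        protos[m["proto"]] += 1
        if m["proto"] in retired:
            agents[m["ua"]] += 1
    total = sum(protos.values())
    legacy = sum(n for p, n in protos.items() if p in retired)
    return (legacy / total if total else 0.0), protos, agents


if __name__ == "__main__":
    share, protos, agents = legacy_share(SAMPLE_LOG)
    print(f"{share:.1%} of TLS requests used a retired version: {dict(protos)}")
    for ua, n in agents.most_common():
        print(f"  {n:3d}  {ua}")
```

Run it over a representative window of real logs before changing the server's minimum TLS version; the user-agent breakdown shows which supporters would need to update their browsers.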