You appear to be offline. Some site functionality may not work.
Sign Up
Introducing Fastly Security Advisories
Introducing the Fastly Security Speaker Series
Securing online transactions: announcing our plan for TLS 1.0 and 1.1 deprecation

Update to our TLS 1.0 and 1.1 deprecation plan

By Sean Leach | February 3, 2016 | Security

Note: here's the latest update to our TLS 1.0 deprecation plan. 

Last year, we announced our deprecation plan for TLS 1.0 and 1.1 with a timeline that was driven by the PCI DSS v3.1 standard. Since our original post, the PCI Security Standards Council has updated their guidance and now will not require full deprecation of TLS 1.0 and 1.1 until June 30th, 2018. Because approximately 14% of the TLS traffic on the Fastly network runs on protocols that would be affected by this change, we are revising our deprecation schedule to institute a phased approach and to give our customers more control over the TLS protocols supported within their environments. This will help ensure your ongoing security and that of your customers.

Here is our revised schedule for deprecating TLS 1.0 and 1.1:

  • By June 30, 2016, we will provide a way for customers who wish to enforce stricter security standards to migrate to hosts that only allow the use of TLS 1.2 for encrypted communication. The Fastly network will default to supporting all versions of the TLS protocol.
  • On January 9, 2017, our entire network will default to only allowing TLS 1.2 for encrypted communication; however, we will provide a way for customers who still require TLS 1.0 and 1.1 to migrate to hosts that support it.
    • As of January 9, 2017, the Fastly app and API will only support TLS 1.2.
  • On June 30, 2018, in accordance with the revised deadline published by the PCI Security Standards Council, we will disable all support for TLS 1.0 and 1.1.

In addition, we will continue to monitor the state of attacks on TLS 1.0 and 1.1 and will adapt our timeline as required to mitigate protocol-level vulnerabilities.

If you have any questions or would like to use TLS protocol options other than those enforced by our network defaults, please contact our team. We’ll keep you updated when the option to use non-default protocols is available.

Introducing Fastly Security Advisories
Introducing the Fastly Security Speaker Series
Securing online transactions: announcing our plan for TLS 1.0 and 1.1 deprecation

Author

Sean Leach | SVP of Product

Sean is SVP of Product at Fastly, where he is responsible for the Fastly product roadmap definition and execution. His current research focus is on DNS, DDoS, web/network performance, internet infrastructure, and combating the massive Internet security epidemic.

seanleach

Ask us a question

Learn how Fastly can help you stay secure, fast, and reliable online.

Get in touch

Get Fastly news and industry insights with our newsletter

Thanks for subscribing.