Difference between revisions of "TLS"
m (→Notice of upcoming changes to SSL/TLS connectivity policy - 3-Feb-2021: Minor consistency fix) |
(→Notice of upcoming changes to SSL/TLS connectivity policy - 3-Feb-2021: Pushed deprecation date back 1 month) |
||
Line 1: | Line 1: | ||
=Notice of upcoming changes to SSL/TLS connectivity policy - 3-Feb-2021= | =Notice of upcoming changes to SSL/TLS connectivity policy - 3-Feb-2021= | ||
− | Effective ''' | + | Effective '''Thursday, April 1st, 2021''', in keeping with the official industry standard, we will officially deprecate use of + stop supporting TLS 1.0 and TLS 1.1 on all Xertion IRC servers. Users whose IRC clients continue to use this protocol after this date '''''WILL''''' encounter connection errors. We '''''STRONGLY''''' recommend you upgrade your IRC client to the latest available versions in order to support '''''AT LEAST TLS 1.2''''' or better. You need at least '''mIRC version 7.61 or better''', or '''HexChat version 2.14.2, 2.14.3 or better'''. If using Linux please be sure your IRC client uses an OpenSSL library of at LEAST the 1.1.x series, as we are unable to guarantee that older versions of this library will work with our servers after the deprecation date.<br /> |
==Why is Xertion making this change?== | ==Why is Xertion making this change?== | ||
− | Xertion aims to achieve as much compatibility as possible while still providing a reasonable level of security. However, with the full rollout of TLS 1.3 support on Xertion, and the significant number of vulnerabilities and bugs that are known to exist in TLS 1.0, we feel now is the time to bring our security standards in line with the rest of the industry. Support for TLS 1.0 has long since been deprecated by other vendors in their products (including operating systems), and the PCI Council has already strongly suggested migration to higher protocols.<br />In keeping with the industry standard, Xertion will officially stop supporting TLS 1.0 and TLS 1.1 as of ''' | + | Xertion aims to achieve as much compatibility as possible while still providing a reasonable level of security. However, with the full rollout of TLS 1.3 support on Xertion, and the significant number of vulnerabilities and bugs that are known to exist in TLS 1.0, we feel now is the time to bring our security standards in line with the rest of the industry. Support for TLS 1.0 has long since been deprecated by other vendors in their products (including operating systems), and the PCI Council has already strongly suggested migration to higher protocols.<br />In keeping with the industry standard, Xertion will officially stop supporting TLS 1.0 and TLS 1.1 as of '''Thursday, April 1st, 2021'''. If you use old versions of IRC clients and you wish to connect securely, you will be required to update your client to its latest available version to continue doing so. Otherwise, TLS connections to Xertion will begin failing after that date. The recommended versions are listed above. '''If you connect to Xertion on one of its TLS ports (6697, 9998, or 9999), you are 'HIGHLY ENCOURAGED' to upgrade your IRC client to its latest available version as soon as possible in order to avoid disruption.'''<br /><br /><span style="color: rgb(255, 0, 0);" data-mce-style="color: #ff0000;">'''If you connect to Xertion on port 6697, 9998, or 9999 (our TLS ports), PLEASE be sure your IRC client is upgraded and supports TLS 1.2 or TLS 1.3 prior to April 1st, 2021! Any IRC client that uses any version of OpenSSL 1.1.1 for TLS support is sufficient, we recommend mIRC 7.61 or better, or HexChat 2.14.2 or better. If you need help ensuring you have the latest possible version of your chosen IRC client please reach out to Xertion support - you can either reach out to us on the network in #help, or if no staff is around, email [mailto:admin@xertion.org admin@xertion.org] and we'll return a response to you as soon as we can.'''</span> |
==Where can I get more information?== | ==Where can I get more information?== | ||
You may find more details on the general nature of TLS 1.0 and security recommendations at the following links: | You may find more details on the general nature of TLS 1.0 and security recommendations at the following links: |
Latest revision as of 20:42, 23 March 2021
Notice of upcoming changes to SSL/TLS connectivity policy - 3-Feb-2021
Effective Thursday, April 1st, 2021, in keeping with the official industry standard, we will officially deprecate use of + stop supporting TLS 1.0 and TLS 1.1 on all Xertion IRC servers. Users whose IRC clients continue to use this protocol after this date WILL encounter connection errors. We STRONGLY recommend you upgrade your IRC client to the latest available versions in order to support AT LEAST TLS 1.2 or better. You need at least mIRC version 7.61 or better, or HexChat version 2.14.2, 2.14.3 or better. If using Linux please be sure your IRC client uses an OpenSSL library of at LEAST the 1.1.x series, as we are unable to guarantee that older versions of this library will work with our servers after the deprecation date.
Why is Xertion making this change?
Xertion aims to achieve as much compatibility as possible while still providing a reasonable level of security. However, with the full rollout of TLS 1.3 support on Xertion, and the significant number of vulnerabilities and bugs that are known to exist in TLS 1.0, we feel now is the time to bring our security standards in line with the rest of the industry. Support for TLS 1.0 has long since been deprecated by other vendors in their products (including operating systems), and the PCI Council has already strongly suggested migration to higher protocols.
In keeping with the industry standard, Xertion will officially stop supporting TLS 1.0 and TLS 1.1 as of Thursday, April 1st, 2021. If you use old versions of IRC clients and you wish to connect securely, you will be required to update your client to its latest available version to continue doing so. Otherwise, TLS connections to Xertion will begin failing after that date. The recommended versions are listed above. If you connect to Xertion on one of its TLS ports (6697, 9998, or 9999), you are 'HIGHLY ENCOURAGED' to upgrade your IRC client to its latest available version as soon as possible in order to avoid disruption.
If you connect to Xertion on port 6697, 9998, or 9999 (our TLS ports), PLEASE be sure your IRC client is upgraded and supports TLS 1.2 or TLS 1.3 prior to April 1st, 2021! Any IRC client that uses any version of OpenSSL 1.1.1 for TLS support is sufficient, we recommend mIRC 7.61 or better, or HexChat 2.14.2 or better. If you need help ensuring you have the latest possible version of your chosen IRC client please reach out to Xertion support - you can either reach out to us on the network in #help, or if no staff is around, email admin@xertion.org and we'll return a response to you as soon as we can.
Where can I get more information?
You may find more details on the general nature of TLS 1.0 and security recommendations at the following links: