Starting the week of Monday, July 9th, Transport Layer Security (TLS) version 1.0 will be permanently disabled on the VIP Go platform.
What is TLS?
Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems. It is used to authenticate one or both systems, and protect the confidentiality and integrity of information that passes between systems. It was originally developed as Secure Sockets Layer (SSL) by Netscape in the early 1990s. Standardized by the Internet Engineering Taskforce (IETF), TLS has undergone several revisions to improve security to block known attacks and add support for new cryptographic algorithms, with major revisions to SSL 3.0 in 1996, TLS 1.0 in 1990, TLS 1.1 in 2006, TLS 1.2 in 2008, and TLS 1.3 in 2018.
What’s wrong with TLS 1.0?
There are many potential vulnerabilities in early TLS that, left unaddressed, put sites at risk. The widespread POODLE and BEAST exploits are just a couple of examples of how attackers have taken advantage of weaknesses in early TLS to compromise organizations. As of June 30, 2018 the PCI Data Security Standard (PCI DSS) also recommended disabling TLS 1.0.
Why disable TLS 1.0 now?
The VIP Go platform has protected against potential TLS 1.0 vulnerabilities for a long time. While there is no immediate practical risk in using TLS 1.0, our security team has been monitoring real-world TLS 1.0 usage patterns and usage is low enough that now is right to move forward with this change.
How will disabling TLS 1.0 impact me?
The impact is expected to be very small. In our tests, less than 5% of total traffic is impacted, with the majority of that being bots. Once TLS 1.0 is disabled, your site will no longer be accessible within the following browser/platform combinations…
- Desktop Safari versions 6 and below for OS X 10.8 (Mountain Lion) and below
- Desktop IE versions 7 and below
- Desktop IE versions 8, 9, and 10 – compatible only when running Windows 7 or newer, but not by default
- Firefox 23 to 26 – compatible, but not by default
- Firefox 22 and below
- Google Chrome 22 to 37 – compatible when running on Windows XP SP3, Vista, or newer (desktop), OS X 10.6 (Snow Leopard) or newer (desktop), or Android 2.3 (Gingerbread) or newer (mobile)
- Google Chrome 21 and below
- Google Android browser, Android 4.4 (KitKat) and below
- Desktop Safari versions 6 and below for OS X 10.8 (Mountain Lion) and below
- Mobile Safari for iOS 4 and below
If you have any questions, please open a support ticket and we’ll be happy to assist.
Update: TLS 1.0 was disabled on Wednesday, July 11th.
WordPress VIP Lobby 
Can we know at what time it is disabled?