Secure Transport Service - (STS US) Removal of support for TLS v1.0 and v1.1

Your action is required

Secure Transport will require an upgrade to TLS 1.2 or higher by July 8, 2017 to align with Experian’s best practices for security and data integrity. On this date, we will disable TLS 1.0 and TLS 1.1. Action is required prior to this date to prevent any disruption to your ability to connect to Secure Transport.

What is TLS?

TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between servers. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS, to date, are TLS 1.0, 1.1 and 1.2.

What is the change?

To connect to Secure Transport after July 8, 2017, you will be required to upgrade to TLS 1.2, or turn “off” TLS 1.0 and TLS 1.1. On that date, we will disable the TLS 1.0 and TLS 1.1 encryption protocol, which will prevent customers still using it from accessing Secure Transport.

How will customers be impacted?

Inability to connect over TLS 1.0 and TLS 1.1 will occur after this date. TLS 1.2 will be enabled.

How can customers avoid any impact?

The action required by your organization will depend on how you currently connect to Secure Transport. For example, HTTPS users will need to have the TLS options changed in Internet Options settings under Security Settings. Disable or uncheck TLS 1.0 and TLS 1.1, and enable TLS 1.2 only in any browser (or FTP client software that you use, see page 3.).

Why is this happening?

To ensure that our systems are secure and comply with Experian’s Information and Security policy, we will disable these two TLS protocols on the date listed.

Additional Steps you can take to avoid impacts:

After the change users will still be able to connect to Secure Transport using TLS v1.2. All browsers and FTP Client software supported by Secure Transport, supports TLS v1.2.

A full list of which is availablehere

You can check if your browser supports TLS v1.2 by clickinghere

If you are presented with the Secure Transport login page, then your browser supports TLS v1.2 and no further action is required. If, however you receive an error message, then you may need to ensure your connections are updated to support TLS v1.2.

A Sample Change from Google Chrome

  1. Open Google Chrome.
  2. Click Alt F and select Settings.
  3. Scroll down and select Show advanced settings...
  4. Scroll down to the Network section and click on Change proxy settings...
  5. Select the Advanced tab.
  6. Scroll down to Security category, manually check the option box for Use TLS 1.1 and Use TLS 1.2.
  7. Click OK.

A Sample Change from WinSCP

  1. File Protocols using Encryption (FTPS), TLS/SSL Implicit or Explicit encryption
  2. Select Advanced settings...
  3. Go to Connection > TLS/SSL
  4. For Minimum TLS/SSL version: Select TLS 1.2
  5. For Maximum TLS/SSL version: Select TLS 1.2
  6. Click OK.