TLS 1.1 Deprecation

We are deprecating the TLS 1.1 protocol starting today. TLS 1.2 will be the default protocol supported for Gumlet.

Gumlet now serves more than 3 million images to more than 500 websites in a single day, and we can't overlook security measures. We always secure image delivery by implementing end-to-end security to deliver your images. We want to enhance security further, so we are announcing today that we will be deprecating the use of TLS 1.1 starting today.

What is TLS?

TLS stands for Transport Layer Security, a protocol used to secure communication between two computers. Among many other things, it decides the ciphers used to encrypt that communication.

Why are we deprecating TLS 1.1?

TLS 1.0 and TLS 1.1 were published in 1999 and 2006 respectively and are considered unsafe today. When we launched Gumlet in 2018, we never allowed the use of TLS 1.0 due to its insecure nature. September 2019 is the month when many cloud service providers like Salesforce are deprecating the use of TLS 1.1. PCI DSS also recommends the use of TLS 1.2 as the minimum version for secure communications over the internet. In fact, most browsers will start deprecating support for TLS 1.1 from the start of 2020. We have conducted our research and found that TLS 1.1 is used by less than 0.5% of users, but it poses a major security threat for our customers. Hence, we will be deprecating the TLS 1.1 protocol starting today.

What does this mean for you?

Most browsers have supported TLS 1.2 for at least a few versions, with the exception of Internet Explorer. The most recent version (IE 11) does support TLS 1.2; however, in versions 8-10 TLS 1.2 must be enabled manually, and it is not supported in versions prior to 7.0.

In the event that a visitor is using a version of IE prior to 11, we recommend that you ask them to upgrade to the latest version or change browsers. If this is not possible, IE versions 8-10 do have an option under Tools > Internet Options > Advanced to enable the use of TLS 1.2.

TLS 1.2 and TLS 1.3 (coming soon)

We will be supporting only TLS 1.2 for HTTPS connections to our CDN network. We have also changed our internal infrastructure to support only TLS 1.2 for communication between our CDN edge nodes and our origin servers.

TLS 1.3 is the next major version of TLS, which is even more secure and faster. It reduces latency by reducing round trips to the server. You can read more about TLS 1.3 here. We are working to bring TLS 1.3 to our customers as soon as possible, and we will announce the release on this blog as soon as it becomes available.

Any other changes?

Yes, we have found that we are serving less than 1% of our traffic via the HTTP protocol. This means that the traffic is not secure and can pose a security threat. Therefore, we are also making a change to redirect all HTTP traffic to HTTPS. This means that you can no longer access any images using the HTTP protocol. This step ensures that all image requests are secure by default. You don't need to take any action, and all of your images will still be served without any issue.
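
The traffic shares quoted above (TLS 1.1 usage and plain-HTTP usage) are the kind of figure you can compute from your own access logs before enforcing a TLS 1.2 minimum or an HTTP-to-HTTPS redirect. The following is an added example, not Gumlet's code: the nginx log format, the sample lines and the function names are all assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed nginx log_format (hypothetical, not from the original post):
#   '$remote_addr [$time_local] $scheme $ssl_protocol "$request" $status "$http_user_agent"'
# nginx logs "-" for $ssl_protocol when the request arrived over plain HTTP.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] (?P<scheme>https?) (?P<proto>\S+) '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)
# Traffic whose behaviour changes once TLS 1.2 is the minimum and HTTP is redirected.
AFFECTED = {"TLSv1", "TLSv1.1", "plain-http"}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.20 [10/Sep/2019:10:00:01 +0000] https TLSv1.2 '
    '"GET /img/a.jpg HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/76.0"',
] * 8 + [
    '203.0.113.7 [10/Sep/2019:10:00:02 +0000] https TLSv1.1 '
    '"GET /img/b.jpg HTTP/1.1" 200 "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)"',
    '192.0.2.44 [10/Sep/2019:10:00:03 +0000] http - '
    '"GET /img/c.jpg HTTP/1.1" 200 "curl/7.29.0"',
    'truncated line without the expected fields',
]

def classify(line):
    """Return (protocol, user_agent), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    proto = "plain-http" if m["scheme"] == "http" else m["proto"]
    return proto, m["ua"]

def summarize(lines):
    """Share of requests per protocol, plus the user agents that will be affected."""
    counts, agents, skipped = Counter(), Counter(), 0
    for line in lines:
        parsed = classify(line)
        if parsed is None:
            skipped += 1          # count, never guess at, unparseable lines
            continue
        proto, ua = parsed
        counts[proto] += 1
        if proto in AFFECTED:
            agents[ua] += 1
    total = sum(counts.values())
    share = {p: round(100 * n / total, 1) for p, n in counts.items()} if total else {}
    return {"total": total, "skipped": skipped, "share": share, "affected_agents": agents}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The `affected_agents` counter shows which clients to contact or upgrade first; a non-zero `skipped` count means the regular expression does not match your actual log format.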

If you have any questions about this change, please send us a chat or mail us.

