¹ú²úÂÒÂ×

Security Enhancements for ¹ú²úÂÒÂ× Platforms including ¹ú²úÂÒÂ× Link

T
The Link
By: Diana Petrowicz, Wed May 16 2018
Diana Petrowicz

Author: Diana Petrowicz

We are continuing to take steps to move towards a more secure web browsing experience for our users by removing support for any version of Transport Layer Protocol lower than 1.2.  The support will end on May 31, 2018.  It might be possible that some users may be negatively impacted if they are using unsupported web browsers or unsupported services.  Web traffic analysis suggests that a small amount of all visitors could be affected by this change. 

 The information shared below will help to determine if there are steps you may need to take at an institutional level to ensure access continues uninterrupted for your patrons.  Also, please note that this change is applicable to all ¹ú²úÂÒÂ× websites (such as ¹ú²úÂÒÂ× Link, Nature.com, Biomed Central, Palgrave and others).

What is Transport Layer Security protocol?

In short it is an important piece of security enabling privacy and protection for data transmitted between client / server applications.  TLS version 1.0 was introduced in 1999 and it is no longer as secure as later versions, namely v1.2 released in 2008.  In order to be compliant with mandated security changes ¹ú²úÂÒÂ× will be dropping support for TLS below v1.2 starting May 31, 2018. All clients able to speak TLS v1.2 will be considered safe and thus allowed to communicate with our servers.  We’ve provided some links at the end of this communication for you to learn more about this protocol.

What does removing this support mean for you and your users? 

For most users there will be no noticeable change except improved security.  TLS v1.2 has been supported by all major browsers since 2016 and is activated by default in the settings. Mobile browsers running on older smart devices and end-of-life machines are the most likely to be affected.

What do you need to do to ensure you can continue to access ¹ú²úÂÒÂ× websites on May 31, 2018 and beyond? 

It depends on your browser.  There are ways to check for Chrome, Firefox, Safari, Internet Explorer, Opera, Edge, and others.  However as a rough guide, browsers or technologies of the following specification or lower will no longer work on ¹ú²úÂÒÂ× sites:

  • Android 4.3
  • Baidu Jan 2015
  • IE7 / Vista
  • IE8 / XP
  • IE 8-10 / Win 7
  • IE 10 / Win phone 8.0
  • Java 6u45
  • Java 7u25
  • OpenSSL 0.9.8y
  • Safari 5.1.9 / OS X 10.6.8
  • Safari 6.0.4 / OS X 10.8.4           

 What about proxy or proxy services? 

If you use a proxy service you will need to check with your proxy provider or IT staff to make sure your proxy uses TLS v1.2 when communicating with our websites.  We understand many of our customers use EZproxy and as such we’ve already communicated this change with OCLC.  They have updated the stanza for ¹ú²úÂÒÂ× Link stating EZproxy version 6.1.16 or later is required to proxy with ¹ú²úÂÒÂ× Link.

 OCLC advised us that the only version of EZproxy that they still support, that is not compliant with TLS 1.2 is version 6.0.8.  If you are running EZproxy locally that is older than version 6.1.16 it may not work to proxy on TLS v1.2.  Please contact OCLC for further information if either of these scenarios apply to you.

If you have any concerns please refer to our help pages at where you can also submit a query for our Digital Customer Service team.

Additional Resources:

OCLC¹ú²úÂÒÂ× LinkGeneral Information about TLS
  1.        
Diana Petrowicz

Author: Diana Petrowicz

Diana Petrowicz is a Marketing Manager in the Sales Enablement team, based in the London office. Supporting the Sales and Account Development teams, she is enthusiastic about finding innovate ways to communicate with the library community and specialises in producing and writing case studies across the portfolio.