We are continuing to take steps to move towards a more secure web browsing experience for our users by removing support for any version of Transport Layer Protocol lower than 1.2. The support will end on May 31, 2018. It might be possible that some users may be negatively impacted if they are using unsupported web browsers or unsupported services. Web traffic analysis suggests that a small amount of all visitors could be affected by this change.
The information shared below will help to determine if there are steps you may need to take at an institutional level to ensure access continues uninterrupted for your patrons. Also, please note that this change is applicable to all ¹ú²úÂÒÂ× websites (such as ¹ú²úÂÒÂ× Link, Nature.com, Biomed Central, Palgrave and others).
In short it is an important piece of security enabling privacy and protection for data transmitted between client / server applications. TLS version 1.0 was introduced in 1999 and it is no longer as secure as later versions, namely v1.2 released in 2008. In order to be compliant with mandated security changes ¹ú²úÂÒÂ× will be dropping support for TLS below v1.2 starting May 31, 2018. All clients able to speak TLS v1.2 will be considered safe and thus allowed to communicate with our servers. We’ve provided some links at the end of this communication for you to learn more about this protocol.
For most users there will be no noticeable change except improved security. TLS v1.2 has been supported by all major browsers since 2016 and is activated by default in the settings. Mobile browsers running on older smart devices and end-of-life machines are the most likely to be affected.
It depends on your browser. There are ways to check for Chrome, Firefox, Safari, Internet Explorer, Opera, Edge, and others. However as a rough guide, browsers or technologies of the following specification or lower will no longer work on ¹ú²úÂÒÂ× sites:
If you use a proxy service you will need to check with your proxy provider or IT staff to make sure your proxy uses TLS v1.2 when communicating with our websites. We understand many of our customers use EZproxy and as such we’ve already communicated this change with OCLC. They have updated the stanza for ¹ú²úÂÒÂ× Link stating EZproxy version 6.1.16 or later is required to proxy with ¹ú²úÂÒÂ× Link.
OCLC advised us that the only version of EZproxy that they still support, that is not compliant with TLS 1.2 is version 6.0.8. If you are running EZproxy locally that is older than version 6.1.16 it may not work to proxy on TLS v1.2. Please contact OCLC for further information if either of these scenarios apply to you.
If you have any concerns please refer to our help pages at where you can also submit a query for our Digital Customer Service team.
OCLC | ¹ú²úÂÒÂ× Link | General Information about TLS |