
Internet Explorer or Safari cannot access a web site


Internet Explorer 10.0 or Earlier

A customer received a message in their browser which prevents access to our web site. The message says:

Make sure SSL and TLS protocols are enabled. Go to Tools->Internet Options->Advanced->Settings.

Solutions:

Interestingly enough, the message tells people what they have to do in their browser to fix it. Go to Tools->Internet Options->Advanced->Settings and turn on TLS 1.1 and TLS 1.2, as per the diagram to the right. Sadly, Microsoft disabled high encryption cipher usage by default. Why? We don't know. A patron has to turn the settings on themselves -- and hence the message.

Alternatively, you can update to a later version of Internet Explorer or use Safari, Firefox, Chrome or Opera.

Note: Microsoft has indicated end of life for IE 10 and below as of Jan 12, 2016. Due to security considerations, they will only support the IE 11 and Edge browsers.

 

Firefox, Chrome or Opera

If the web site cannot be viewed in other browsers like Chrome or Firefox, all you need do is update to a later version of the browsers. Those browsers are pretty insistent about using the latest.

 

Safari 6.2.3 and Earlier

Versions of Safari on OSX 10.8.5 and earlier represent about 1% of the market share for internet browsers (circa 2015). These old versions of Safari cannot access secure commerce web sites because they do not support TLS 1.2. (Source Link)

Solutions:

  • update to Mavericks or later (this is a free upgrade from Apple) -or-
  • download the latest Firefox, Chrome, or Opera browsers (also free)

 

What is the history behind this?

Google has been cracking down on the poor state of internet security and leading the charge to:

  • force people to know which web sites support high encryption
  • scare people away from sites that could be vulnerable to recently identified security problems (e.g. Poodle, Heartbleed, etc.) -and, at the same time,
  • cause people to use 'more secure browsers' -- which also means more use of Google Chrome (which is an advantage for Google, but that's a different issue).

This is a laudable end goal -- increase internet security. Chrome, Firefox, Safari and Opera are all onboard the train. For that matter, so are later versions of Internet Explorer (if you modify the internet options).

 

Why is this just showing up now?

For a long time SSL version 1 was prima facie. Then came the SSL2 and SSL3 protocols to increase security. Then something called TLS v1, followed by TLS v1.1 and TLS v1.2. In the past year, the encryption strength and vulnerability of SSL, SSL2, SSL3 and TLS v1 have been demonstrated via security flaws like Heartbleed and Poodle. After serving 15+ years in good stead, those older encryption standards can be easily broken by the bad guys.

Arts Management is committed to helping you remain PCI compliant and pass PCI scans. PCI scans test for bad encryption ciphers and mark your site as weak and able to be compromised if you allow SSL, SSL2, SSL3 and TLS v1. You can test your web site for free using the Qualys SSL tester. If the site is properly protected, you should see the protocol results as below.

It's a good thing to keep updated, and AMS:

  • is mandated by the PCI council to disable encryption with holes in it, and
  • does so as a matter of course for your customers' safety and privacy.

We will continue to update Apache settings to disable security flaws as soon as we find out about them. It is unfortunate that older browsers won't (can't) load web pages when the web server is set for proper e-commerce security.
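A check for the Apache side of this, as an added example that is not Arts Management's own code or configuration: it reads `SSLProtocol` directives and reports any that still enable the protocols named above as failing a PCI scan. The expansion of `all`, the treatment of unsigned tokens and the sample configuration are assumptions made for illustration.

```python
import re

# Protocols the page says PCI scans mark as weak (SSL2, SSL3, TLS v1).
WEAK = {"SSLv2", "SSLv3", "TLSv1"}
# Assumption: what "all" expands to on a 2015-era mod_ssl build.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
KNOWN = {p.lower(): p for p in ALL | WEAK}


def enabled_protocols(directive_args):
    """Apply SSLProtocol tokens left to right and return the enabled set."""
    enabled = set()
    for token in directive_args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        if name == "all":
            group = set(ALL)
        elif name in KNOWN:
            group = {KNOWN[name]}
        else:
            raise ValueError(f"unknown protocol token: {token}")
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            # Assumption: an unsigned token replaces what was set before it.
            enabled = group
    return enabled


def audit(config_text):
    """Return (line_no, enabled, weak) for every SSLProtocol directive."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+([^#]+)", line, re.IGNORECASE)
        if m:
            enabled = enabled_protocols(m.group(1))
            findings.append((no, enabled, enabled & WEAK))
    return findings


# Constructed sample configuration, not taken from any real server.
SAMPLE = """\
# legacy vhost
SSLProtocol all -SSLv2
# hardened vhost
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
"""

if __name__ == "__main__":
    for no, enabled, weak in audit(SAMPLE):
        print(no, sorted(enabled), "WEAK: " + ", ".join(sorted(weak)) if weak else "ok")
```

A directive that leaves only TLSv1.1 and TLSv1.2 enabled is the setting that produces the browser behaviour described on this page.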

 

The bottom line is:

With high security implemented on a Theatre Manager web site, it will cause customers using:

  • IE 6, 7, and 8 to be denied access to the web site (because the browser cannot support TLSv1.1 encryption)
  • IE 10 and 11 users to get a message telling them to enable use of the TLS v1.1 security (as I said, the message is explicit -- turn it on).
  • Versions of Safari older than 6.2.3 to not be able to connect
  • All other browsers should be ok (Safari, Firefox, Chrome, Opera, and most mobile operating systems automatically upgrade the browser to use the best encryption there is available on the site).

 

Will Theatre Manager be the only web e-commerce site with this issue?

Short answer: NO!

Commerce-based web sites on the internet, and banking sites directly (such as Authorize.net's directive as of Sept 15, 2015), will be forcing use of TLSv1.1 and up if they have not done so already. Customers using older, non-compliant browsers will soon get this message at other web sites, if they have not already received it. It is a blessing to be at the leading edge of safety that PCI enforces on you -- and a curse, as older browsers are being quickly made redundant by Google's goal and Microsoft is not updating them.

We are required to help you be as secure as possible - and PCI prevents us from dumbing down your web site to allow insecure commerce.