Your browser is not secure
You're seeing this page because your web browser tried to connect to Warwick's website with insecure settings. Please upgrade your web browser.
From 23 May 2017 onwards, we will disable the TLS 1.0 encryption protocol across the University's web services. Disabling TLS 1.0 prevents it from being used to access Warwick websites via an insecure web browser or application. We're making this change to keep the University's websites safe and secure.
When does this happen?
|Tuesday 23 May 2017||Customers making an online payment can only do so using a browser that supports TLS v1.2. This is due to changes made by our payment solution supplier.|
|Monday 3 July 2017||We disabled TLS v1.0 connections to our transaction tracking system onlinepayment.warwick.ac.uk|
|Tuesday 8 August 2017||We will disable TLS v1.0 connections to Single Sign-on and our identity provider. It will no longer be possible to sign in to web services using a browser that only supports TLS v1.0.|
|Monday 8 January 2018||We will disable TLS v1.0 connections to all other web services.|
What do I need to do to prepare?
When accessing websites using a web browser, ensure you use the latest available version of the browser – whether that is Internet Explorer, Google Chrome, Mozilla Firefox, Safari or another browser. Using the latest version keeps you safe online because you're using the most up-to-date security settings.
For detailed information on how his change will impact you, and the actions we recommend you take, please refer to the following pages:
- Apple Mac
- Internet Explorer (desktop)
- IE (Internet Explorer) Mobile on Windows Phone
- iOS devices (iPhone, iPad and iPod Touch)
- Java developers
Why is this happening?
Although TLS 1.0, when configured properly, has no known security vulnerabilities, newer protocols are designed better to address the potential for new vulnerabilities.
The PCI Data Security Standard 3.1 recommends disabling “early TLS”:
“SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016 [without a mitigation strategy for disabling it before June 2018].
The best response is to disable SSL entirely and migrate to a more modern encryption protocol, which at the time of publication is a minimum of TLS v1.1, although entities are strongly encouraged to consider TLS v1.2.”
We need to be PCI-compliant to take online payments at the University. It is not sufficient to merely disable TLS 1.0 on our transaction tracking system as the requirement extends to any system that initiates a payment, including car parking, printer credits, the Warwick website, etc.
For the best experience using our applications, we recommend that you use the latest version of one of the following browsers:
Apple Safari for Mac (Safari on Windows is not supported)