Forums » General
VO website now requires TLS 1.2.
The Vendetta Online website now requires TLS 1.2 (security and encryption standard), which means you need a web-browser that has been updated since, say, at least 2014. Obviously, that should not be an issue for most people
(if you're reading this, then obviously.. you're fine).
This is mostly just a housekeeping public-service announcement, in the event that someone out there has a really ancient device, and finds it cannot connect to the website anymore. (If you have an ancient device, you may still be able to find a reasonably recent browser for it, there are sometimes community projects around for these things).
Note, this just about the website, and has nothing to do with the game's compatibility; you can still run it on whatever ancient device(s) you want.
This kind of evolving support for encryption best-practices is purely to protect the integrity of the site and the player's data, and make sure our security is robust.
We dropped website support for TLS 1.0 a few years ago, which was needed for really old browsers, so this really shouldn't impact anyone additionally. We've also added support for the newer TLS 1.3.
FYI.
(if you're reading this, then obviously.. you're fine).
This is mostly just a housekeeping public-service announcement, in the event that someone out there has a really ancient device, and finds it cannot connect to the website anymore. (If you have an ancient device, you may still be able to find a reasonably recent browser for it, there are sometimes community projects around for these things).
Note, this just about the website, and has nothing to do with the game's compatibility; you can still run it on whatever ancient device(s) you want.
This kind of evolving support for encryption best-practices is purely to protect the integrity of the site and the player's data, and make sure our security is robust.
We dropped website support for TLS 1.0 a few years ago, which was needed for really old browsers, so this really shouldn't impact anyone additionally. We've also added support for the newer TLS 1.3.
FYI.
Thanks for the update o/.
Take Care
Take Care
Sounds like someone is doing their PCI self-certification checklist and noticed the July 2018 PCI-DSSv3.1 Supplement!
Not really. The latest PCI-DSS requirements still permit TLS 1.1. TLS 1.2 is simply "recommended", and of course we've supported 1.2 since it was first available. We dropped 1.0 years ago.
The browser companies intended to drop 1.1 support this year, which would have had no impact on us anyway, but that's been delayed by COVID. But that's all client-side stuff, just to get some older sites to take notice.
I tend to pay more attention to which way the wind is blowing in the actual cryptographic world. That, and there didn't seem to be much merit to keeping TLS 1.1 around, given that we can retain practically the same level of compatibility with 1.2 and allowing a few older ciphers. Old SHA1 ciphers aren't really buying us much extra compatibility. It's relevant if you had to keep TLS 1.0, like Amazon still does, but not for us.
It's just a best-practices thing, combined with the regular timing of updating our SSL libraries and such. I try to aim for good long-term foward-secure integrity, even against attackers archiving all data; along with some added "reasonable" backward compatibility, which for me is apparently ~6 years.
I imagine the changes might be more relevant for PCI-DSS v4.0, next year, although that might also have delayed enforcement due to COVID.
The browser companies intended to drop 1.1 support this year, which would have had no impact on us anyway, but that's been delayed by COVID. But that's all client-side stuff, just to get some older sites to take notice.
I tend to pay more attention to which way the wind is blowing in the actual cryptographic world. That, and there didn't seem to be much merit to keeping TLS 1.1 around, given that we can retain practically the same level of compatibility with 1.2 and allowing a few older ciphers. Old SHA1 ciphers aren't really buying us much extra compatibility. It's relevant if you had to keep TLS 1.0, like Amazon still does, but not for us.
It's just a best-practices thing, combined with the regular timing of updating our SSL libraries and such. I try to aim for good long-term foward-secure integrity, even against attackers archiving all data; along with some added "reasonable" backward compatibility, which for me is apparently ~6 years.
I imagine the changes might be more relevant for PCI-DSS v4.0, next year, although that might also have delayed enforcement due to COVID.