As a provider of cloud-based software, AppointmentPlus adheres to security guidelines set forth by the National Institute of Standards and Technology (NIST). The NIST is charged with setting Internet security protocol for the U.S. government. As security upgrades are launched, they are adopted first by government institutions, with public companies following suit.
According to the NIST, the level of data encryption provided by Secure Sockets Layer (SSL) technology is no longer adequate. Last year, the NIST mandated that government agencies upgrade to a new Transport Layer Security (TLS) protocol, TLS 1.2. The new protocol addresses loopholes present in SSL and TLS 1.0 that allowed for multiple high-profile malicious attacks in 2013 and 2014 (e.g., BEAST, CRIME, and POODLE).
Since the launch of this new protocol, the IT community has been working to integrate it system-wide by June 30, 2016.
The security certifications for AppointmentPlus expired on August 26, 2015. When we renewed them, we upgraded them to TLS 1.2 so that both Appointment-Plus.com and our application would offer 256-bit encryption ― the gold standard in online security.
But here’s the rub: Not all browsers have been updated yet to accept the new HTTPS certificates. Some have, some haven’t.
In addition, some of the third-party vendors AppointmentPlus integrates with, such as payment gateways, also have not updated to the new HTTPS certificates.
To address these difficulties, we have adjusted our security protocols to allow access from browsers and integrated software running on any version of TLS ― 1.0, 1.1, or 1.2.
What to do
You will need to ensure that the Internet browsers used to connect to the AppointmentPlus system can accept the new certificates and communicate over TLS 1.0, 1.1, or 1.2.
To ensure the highest level of security, we support the following browsers, compatible with TLS 1.2:
| Google Chrome™ | Current & future versions | verify version |
| Mozilla Firefox® | Current & future versions | verify version |
| MS Internet Explorer® | Current & future versions | verify version |
| Apple Safari® | Current & future versions | verify version |
It is difficult to develop software so that all features work identically, efficiently, and effectively on all web browsers. AppointmentPlus follows industry best practices in building our software to render best on the most current browser editions available. While our application may continue to work on older browser versions, we no longer test new features on the older browsers, or modify our software to support them. Should you experience an issue with how our software functions on an older browser, our Support team may recommend you upgrade in order to take advantage of faster, more secure, fully-supported applications from the browser manufacturers.
Test your browser
We created a test page that will tell you if your browser is compatible with our site.
To check your compatibility, go to: http://appointment-plus.com/tls
The good news
If your browser is one of those that hasn’t yet been updated, you’ve got a few options:
1) Check your browser’s “About” tab to locate your version information and download any pending updates. You should be good to go once that’s done.
For example, if you use Internet Explorer, you’ll go to the Tools menu, and select “About Internet Explorer.”
A window will appear, showing which version you have installed.
If you’re using anything older than IE version 10, follow this link to upgrade to IE 11.
2) If your browser is up to date, but you’re still seeing the error message, that means your particular browser has not yet implemented the new security protocol. To get to websites like ours that use the new protocol, you’ll want to switch to a browser that’s been updated to TLS 1.2, such as Google Chrome™, Mozilla Firefox® 39.0, Internet Explorer 11, or Apple Safari® 8 for Mac (Apple OS X 10.10).
If you’re a Bill Gates-type . . .
For those who love digging into the technical details, here are some additional resources on the how and why behind this new protocol:
- Original announcement from the NIST: http://csrc.nist.gov/publications/nistbul/itlbul2014_04.pdf
- Tripwire article about the NIST announcement: http://www.tripwire.com/state-of-security/latest-security-news/nist-revises-transport-layer-security-tls-guidelines/
- A quick “how-to” on disabling SSL 3.0 and TLS 1.0 in IE, Firefox, and Chrome: https://info.ssl.com/howto-turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
- NIST SHA2 Recommendations:
1. Roger A. Grimes, “All you need to know about the move to SHA-2 encryption.” InfoWorld, Feb 3, 2015.