Security Update: Turning off certain older encryption protocols

May 10, 2018 - Product Updates

Good news: We at Foxy.io / FoxyCart are continuing to handle the heavy lifting of your PCI compliance, so you can rest easy. As part of maintaining our PCI compliance, we’ll be turning off certain older encryption protocols on our systems. This will happen on Wednesday, June 6, 2018.

Better news: You probably don’t need to do anything at all! We (along with the rest of the industry) are removing TLSv1.0 support from all our services. TLSv1.2 (and TLSv1.1) will remain. We’ve gone through our logs and have confirmed that this likely won’t impact any legitimate customers of your site.

That said, there’s a chance this could impact you in two ways:

  1. You’re using an old and insecure browser (like IE8) to access the Foxy admin. You’ll need to upgrade IE or switch to Chrome, Firefox, Safari, or another modern browser to access the admin.

  2. If you have a custom Foxy integration and your servers are running very old code. Though extremely rare at this point, it’s possible some of our users have custom integrations with Foxy built on systems that cannot support TLSv1.2. To that end…

If you’d like to confirm your system integrations won’t be impacted, make a connection (via CURL or whatever your servers are using) to: https://tls-check.foxy.io/robots.txt

If your systems can connect to that, you’re fine. If your systems have a connection problem, let us know.

If you have any questions or concerns about this, please contact us. We’re happy to help.

– The Foxy team