Updated WebCrossing security for April, 2020

We hope everyone is doing well and coping with all the current events. Here at Elliptics we continue to work remotely as usual, and are here if you need anything. Please take care, and be well.
As we mentioned in our previous newsletter, beginning in January, 2020 the major browsers began enforcing stricter security and rejecting https connections to old SSL/TLS protocols. The current secure https version is TLS 1.2

Apple, Google, Microsoft, and Mozilla announced over a year ago that they will end support for TLS 1.0 and TLS 1.1 and will disable support for those encrypted protocols in Chrome, Edge, IE, Firefox, and Safari in 2020. 

WebCrossing has supported both TLS 1.2 and TLS 1.3 since June, 2018. In our last release we  (1) updated the latest OpenSSL implementation of TLS and (2) disabled TLS 1.0 and TLS 1.1. Security testing services currently rate your site’s secure connections based on whether you require newer, secure browsers. If you are using the immediate previous release of WebCrossing then your site’s security is rated A.

This release incorporates recent OpenSSL upgrades from the end of March, 2020 into WebCrossing. Technically speaking, the major change is “fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1551).” Anyway, best to be as safe as possible.

If you are using secure connections (https vs http) for your site, we highly recommend upgrading to the latest version. If you are not using secure connections, we recommend you do. These days browsers are getting more and more fussy about connecting to servers which are not secure, and this is even more so in 2020.

The latest release version is now WebCrossing 6.4-1354 2020-04-02.

All self-hosted customers with valid support and maintenance contracts can download this new version at no cost.If you are a self-hosted customer and have a valid support and maintenance contract, please contact support for access to the new server. If your support and maintenance contract has expired, please contact us to renew so we can provide you with this important update.