TAN: Browser Support for Schemeswriter

Published on 23 Jan 2017


Notice of Support Changes

We will soon be changing our supported clients for the SchemesWriter platform and applications. After July 31st 2017 our minimum supported browsers will be:

  • Internet Explorer 11
  • Microsoft Edge
  • Chrome v40
  • Firefox v34
  • Safari 8

As of July 31st 2017 any browser on Microsoft Windows XP will no longer be supported. The minimum operating system version supported will be Windows Vista with Internet Explorer 9* (see footnote)

Why are we changing our supported clients?

We pride ourselves on using up-to-date security standards and practices. Information Security is a constantly changing landscape and we are always looking at the threats online to our systems and data. We keep a close eye on security statements and work by other vendors that informs our own work and practices.

Security

Microsoft officially retired all support and security fixes for Windows XP on 8th April 2014. The operating system has been shown to be insecure, and so to protect our customers, as well as protect our own infrastructure, we can no longer support this operating system in any configuration.

Official Support for Windows XP ended

Windows XP does not support the latest and most secure cryptographic libraries that we must use to secure communication between browsers and our web servers.

ThePOODLE and BEAST attacks both abuse flaws in older cryptographic libraries. POODLE is an attack on SSL v3.0, while BEAST is an attack on CBC in TLS v1.0. As such we must disable use of SSL v3.0, and disable weak ciphers on TLS v1.0, and prefer far stronger TLS v1.2. Older Windows operating systems are incapable of using these more secure libraries and so we cannot support their use.

POODLE mitigation

These browsers either deprecated or disabled SSL v3.0

  • Chrome disabled SSL 3.0 fallback in v39. Disabled SSL 3.0 in v40
  • Firefox disabled SSL 3.0 in v34.
  • Microsoft disabled SSL 3.0 in Vista+. Disabled SSL 3.0 in IE11.
  • Safari disabled CBC in SSL 3.0 but left RC4 which is still broken.

BEAST mitigation

These browsers support TLS v1.1+

  • IE11+ in Win7+
  • Firefox 27+
  • Chrome TLS 1.1 v22+
  • Chrome TLS 1.2 v29+
  • Safari 7 on OSX 10.9* (see footnote)

The page describing how to mitigate BEAST attacks initially recommends switching to the RC4 algorithm to mitigate the CBC vulnerabilities in TLS 1.0. Subsequent work has found exploits in RC4 therefore it is prudent to move to TLS 1.1+ in order to prefer elliptic curve encryption. In early 2016 all major browser manufacturers were removing support for RC4

TLS Support in the major browsers

Costs and Infrastructure Support

In order to simplify our infrastructure and operations tasks we are moving to a technology called SNI on our web servers. Server Name Indication is used to serve multiple HTTPS protected sites from a single IP address. SNI has been supported from early versions of Chrome and Firefox, but relatively late in Internet Explorer.

SNI Support

  • IE 7+ on Vista. Not on Windows XP.
  • Firefox v2.0
  • Chrome v6.0
  • Safari. Not on Windows XP.

SNI will allow us to secure and deploy sites more swiftly and simplify our operational tasks, as well as allow us to scale more quickly and cost effectively.

Software Libraries

We strive to use the best tools for the job when developing our software. This does not always mean the latest technology, but it does often mean using the most stable and supported libraries to help us develop great software. In order to stay supported with those libraries, we will need to follow the vendor's lead on what they support in order to guide us on the browsers that we can ultimately support.

JQuery

  • Chrome: (Current - 1) and Current
  • Firefox: (Current - 1) and Current
  • Internet Explorer: 9+
  • Safari: (Current - 1) and Current

Angular

  • Chrome Latest
  • Firefox Latest
  • IE 9+
  • Safari 7+

As these libraries no longer support Internet Explorer versions under 9, we too must drop support for these versions. Chrome and Firefox are under differing update schedules, and while these libraries state support for the current versions only, in practice this means that they support many of the older versions, and as such so will we.

Footnote on Browser Versions

Internet Explorer

Our headline supported version of Internet Explorer is 11+. This is the minimum supported version on the last 3 versions of Microsoft Windows (7, 8.1 & 10). However Windows Vista is still in use although no longer in active mainstream support. It's extended support phase ends on April 11th 2017. As such we will be endeavoring to continue to support Internet Explorer 9 on Windows Vista because the operating system cannot install Internet Explorer v10 or v11. This means that our software will still be tested against that version and bugs will still be fixed. We will no longer guarantee continuing UI consistency but will do our best to keep our software usable on this older platform.

Operating System Supported version of Internet Explorer
Windows Vista SP2 Internet Explorer 9
Windows 7 SP1 Internet Explorer 11
Windows 8.1 Internet Explorer 11
Windows 10 Internet Explorer 11

Stay up-to-date with Internet Explorer

Safari

While version 7 of Apple Safari is noted as being the minimum version that supports TLS v1.1+, this version was no longer supported by Apple as of the end of 2016. As such we will support Safari version 8+.