15 February 2016, 16:09

Hello Mahara community,

To continue to provide a secure environment for the community discussions forums, we are going to strengthen our security on the server infrastructure by disallowing weak TLS ciphers. We will make that change on 15 February 2016 to allow any users who still use old browsers to find an alternative.

What does that mean for me?

The majority of you will not have to worry about this change. Only users with old browsers that still support these weak ciphers should upgrade their browser. Recommended alternative browsers to any built-in ones that will not be supported anymore are Mozilla Firefox and Google Chrome.

After we disable the weak ciphers on 15 February 2016 and you are still running an old browser that allows them, you will not be able to connect to mahara.org anymore and will need to install a newer / recommended browser.

Am I affected by this change?

As per the SSL Labs report (as at 18 January 2016), the following browsers are affected. If you run any of these, you should upgrade to a later / recommended browser or even newer operating system:

• Default browsers on Android 2.3.7, 4.0.4, 4.1.1, 4.2.2, 4.3
• IE 6 and IE 8 on XP
• Safari 5.1.9 on OS X 10.6.8 and Safari 6.04. on OS x 10.8.4
• A few other less known browsers that we haven't seen people use

We also recommend you run your own site (if it uses SSL) through the tool to determine whether your institution's Mahara site should be strengthened as well.

Cheers

Kristina