CheckMarket is committed to security. The PCI Security Standards Council has declared that TLS 1.0 and TLS 1.1 will reach its end-of-life on June 30th 2018 in response to security concerns around these protocols.
We’re sticklers for backwards-compatibility and make potentially breaking changes only when absolutely necessary. Our users’ security is paramount, so deprecating these outdated technologies is one of those rare cases.
TLS 1.0 and 1.1 ensure that your communications stay private. In order to do this, they generate a series of random bytes used to encrypt your connection. TLS 1.0 provides two ways of doing this (CBC and RC4), but several vulnerabilities have been discovered in both of them (including BEAST and the RC4 biases). If you kept using old versions of TLS, someone could theoretically sniff your connection. With this change, we are following best practices in the industry: PCI council has announced June 30, 2018 as End of Life date for TLS 1.0
As a result, we are moving towards TLS 1.2, which has few known attacks and is subject to more rigorous security design than its predecessors.