Effective June 30th, 2018. the Payment Card Industry Security Standards Council (PCI SSC) is requiring the enforcement of a TLS version no lesser than TLS v1.1 (with a recommendation that 1.2 be enforced primarily).
SurveyMonkey and all of its products, like many Internet software providers, are now required to comply with this requirement to maintain PCI compliance. This is a necessary enforcement to protect your users, and our networks, from many recently identified security vulnerabilities.
You can read more about the requirement and security risks with TLS 1.0 here: https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
What does this mean for you?
This change should not affect you or your users if:
1) You are using a modern internet browser, being
- Google Chrome version 30+
- Firefox version 27+
- Microsoft Internet Explorer version 9+
- Microsoft Edge
- Safari version 7+
2) You are using an up-to-date HTTP client, where TLS 1.2 support is supported
3) You are using an up-to-date HTTP client with ciphers that are at least 256 bits in length
Using an outdated browser or HTTP client is not recommended and may lead to connection issues when using SurveyMonkey Apply, FluidReview, or any of our APIs or services. To protect yourself and your users, we strongly recommend adopting a TLS 1.2 compatible agent.