Claims Portal: Important Message – Please pass to your IT Department - Countdown to 29 November

From 29 November 2017 due to security considerations we will no longer support SSLv2ClientHello handshaking message as it is an unsupported protocol.
This means that unless an upgrade has been applied, Users with this handshaking protocol will no longer have access to any of Claims Portal sites including Web Browser Training and Production and A2A Integration/test and Production.

A2A Users

A2A users that use the SSLv2 hello messages after the above date will not be able to access the portal and will receive a “handshake failure” message.

A2A users that currently use SSLv2ClientHello handshaking will need to upgrade and test their changes before 29 November. Testing of their upgraded protocol can be performed in the current A2A Integration/Test site.

Web Users

We are aware older browser versions may still use SSLv2ClientHello handshaking message.

To use the Portal IE10 or above are the correct supported versions recommended by CPL Ltd.

If you are unsure check with your IT Department to establish whether they use SSLv2ClientHello by default and whether they have the option to use at least SSLv3ClientHello although for your information whilst SSLv3Hello handshaking is still supported it’s suggested not to use this version for security reasons. It is also highly likely that, in a future security update, the SSLv3Hello handshaking will be completely disabled (as occurred for SSLv2Hello handshaking)

We recommend that Web users that currently don’t use Internet Explorer IE10 or above upgrade to the last browser version supported by the vendor, for example Chrome, Firefox, etc.  

Changes can be tested before 29 November in the current Training site. Web users who access the portal after 29 November using SSLv2ClientHello handshaking will receive an error message and will not be able to access the portal.

Testing the update has been applied and using the most up to date protocol

Please note that the A2A integration site will continue to accept the SSLv2ClientHello handshaking message until 29 November. If you currently use this protocol you should use the A2A integration site to validate your changes and to ensure that you will have access to the Portal production and integration sites once the SSLv2ClientHello handshaking is disabled on 29 November.

For your information whilst SSLv3Hello handshaking is still supported it’s suggested not to use this version for security reasons. It is also highly likely that, in a future security update, the SSLv3Hello handshaking will be completely disabled (as occurred for SSLv2Hello handshaking)

We strongly recommend that you use ONLY TLSv1.x protocol and handshaking. Best practices suggest that you use the higher protocol currently available that is TLSv1.2 protocol.

Regards

Tim Wallis
Chairman, Claims Portal Ltd