As part of our ongoing efforts to contain potential security risks on data traffic between user browser and PolyU web applications over Internet, outdated and insecure versions of the Transport Layer Security (TLS) versions 1.0 and 1.1 will no longer be supported.
TLS is a protocol that provides privacy and data integrity between two communicating endpoints, such as user web browsers and web applications.
Major web browsers like Google Chrome, Mozilla Firefox, Safari, and Microsoft Edge have already deprecated support for TLS 1.0 and 1.1 due to their known security vulnerabilities. To address the concerns of recognized security weaknesses, all browser access to PolyU web applications will only support TLS 1.2 and 1.3. These versions offer enhanced security features and improved performance.
By disabling TLS 1.0 and 1.1 on our platforms, we are ensuring that PolyU websites and our applications are protected with the most up-to-date security standards. This proactive step aligns with industry best practices and helps safeguard sensitive data while protecting our users from certain potential security threats.
External users who are still using outdated OS and browsers that only support TLS 1.0 and TLS1.1 will be redirected to a web page which notifies them that our web applications require TLS 1.2 or higher. Users will need to upgrade or reconfigure their browsers before they can access our web services again.