Paizo.com TLS Updates and Your Browser


Website Feedback

1 to 50 of 146 << first < prev | 1 | 2 | 3 | next > last >>
Community & Digital Content Director

7 people marked this as a favorite.

Starting Tuesday, June 23, 2015, we'll be discontinuing use and support for TLS version 1.0 (more about what TLS is here).

What does that mean for our users? Users accessing the secure portions of paizo.com on older browsers may not be able to successfully access or render those pages (you can identify these by "https://secure.paizo.com" included in the URL—some of these include the "My Account", "My Downloads", "My Pathfinder Society", and logging into paizo.com, for example).

A list of the earliest versions of browsers that can access these areas of the site is included at the end of this post, and we encourage our users to update their browser for optimal experience and support on paizo.com. Non-secure pages are unaffected by this change.

This update is one that is occurring on many sites that handle secure information and is being mandated by our credit card processor. It is not an update that we can put off or opt-out of for this reason. We understand that this may be an inconvenience to some of our users, and wanted to give you a heads up about any interrupted service or issues you may experience related to this change.

Earliest Supported Browser Versions for the Secure Portions of paizo.com:

  • Android OS Browser 5.0, Recommended 5.1
  • Chrome 30, Recommended 43
  • Firefox 27, Recomended 38
  • Internet Explorer 11, Recommended 11 and onward (including Microsoft Edge)
  • Opera 17, Recommended 29
  • Safari 7 (Requires OSX 10.9 Mavericks), Recommended 8 (Requires OSX 10.10 Yosemite)
  • Safari (Mobile) iOS 5, Recommended iOS 8 — Supported devices include the Apple TV (2nd generation and up), any iPad, iPhone 3GS and up, and iPod Touch (3rd generation and up).

Dark Archive

Pathfinder Roleplaying Game Charter Superscriber

Have you tested it yet with Microsoft Edge (the new browser in Windows 10 that replaces IE)?

Community & Digital Content Director

From a brief bit of Googling, Microsoft Edge *should* be OK. I've updated the post to reflect this.

Silver Crusade System Administrator

IE 10 is also compatible as long as the OS is capable and they are turned on in preferences which they are defaulted to off. Still, it's recommended that you upgrade to IE11 if you are using IE as it's on by default in IE11 and it will protect you from some additional vectors.

Liberty's Edge

2 people marked this as a favorite.

As an InfoSec guy, thanks for rolling this out. I'm not actually too concerned about someone putting in the work to launch a cryptographic attack against Paizo connections, but it's good to see that you guys follow best practices.


So for the clueless (or at least one clueless, anyhow). I have Internet Explorer 9 and dont generally upgrade anything until I get a new computer, something I dont really want to change if I can avoid it.

Does that mean I'm no longer going to be able to access my account at all? Or just not the "secure" parts of the website? Will I still be able to buy stuff?

Silver Crusade System Administrator

There is a way to turn it on for IE9 if you're on at least Windows 7. But generally the secure parts are the parts for buying and account stuff; basically any time you see secure.paizo.com rather than paizo.com. A lot of the reason we have to do this is because of requirements for processing credit cards and you will see more and more sites go this way over the next couple of months. In Tools(or gear on mine)->Internet Options->Advanced and then look down towards the bottom and make sure TLS 1.1 and TLS 1.2 are enabled and that should keep you working. Also, firefox and chrome have had support for quite awhile now.


Thanks very much, Lissa. I'll look into doing that. Though I suspect windows 7 is probably later than windows Vista (which is what I use, I think).

Maybe I need a new computer. :(

Hmm...turns out this computer is using IE8. There's only TLS 1.0 as an option. Guess I'll have to make the leap.


Steve Geddes wrote:

Thanks very much, Lissa. I'll look into doing that. Though I suspect windows 7 is probably later than windows Vista (which is what I use, I think).

Maybe I need a new computer. :(

Hmm...turns out this computer is using IE8. There's only TLS 1.0 as an option. Guess I'll have to make the leap.

Steve, to reiterate what Lissa has said, you don't need to replace the computer, necessarily. Just install Firefox or Chrome. By and large, a browser is a browser is a browser, so you're not looking at some massive learning-curve. Firefox at least will import your existing favorites/bookmarks.

You can be compliant in five minutes, without the expense of a new PC if you're not ready for one. And frankly a jump to Win8.1 over Vista would introduce a bunch of interface differences anyway, if you're reluctant to get off Internet Explorer.

Dark Archive

Pathfinder Roleplaying Game Charter Superscriber
Anguish wrote:
Steve Geddes wrote:

Thanks very much, Lissa. I'll look into doing that. Though I suspect windows 7 is probably later than windows Vista (which is what I use, I think).

Maybe I need a new computer. :(

Hmm...turns out this computer is using IE8. There's only TLS 1.0 as an option. Guess I'll have to make the leap.

Steve, to reiterate what Lissa has said, you don't need to replace the computer, necessarily. Just install Firefox or Chrome. By and large, a browser is a browser is a browser, so you're not looking at some massive learning-curve. Firefox at least will import your existing favorites/bookmarks.

You can be compliant in five minutes, without the expense of a new PC if you're not ready for one. And frankly a jump to Win8.1 over Vista would introduce a bunch of interface differences anyway, if you're reluctant to get off Internet Explorer.

Even waiting a couple of months (after July 29th) for a new PC with Windows 10 is going to be significantly different in terms of UI. Not quite as different as 8.1, but still very different. (8.1 gets way more abuse than it deserves, but it's still a hard OS to get used to after years or decades of using regular desktop versions of Windows.)

But as Anguish just said Steve, all you need to do is install Firefox or Chrome. The only reason to stick with IE is if it's a workplace system and it's locked down due to a rights issue or dedicated apps that only work on certain versions of IE.


Or an irrationality bred from a lifetime of poor experiences with computers. :(

I genuinely don't install software (pretty much ever, although I buy apps on my iPad, so hopefully that will still work for me). I buy computers with what I need and use them for years after I should. I can't remember the last time I installed a program (It would have been the 20th century, I think).


Just to be clear. I REALLY appreciate the advice - I'm clueless and irrational about this stuff, so the more information and options I can get the better. Even if I don't really act sensibly on that advice.

There's a company here called "Leet Geek" or something who fix computer problems - maybe I can get one of them in and point them at this thread.

Dark Archive

Pathfinder Roleplaying Game Charter Superscriber
Steve Geddes wrote:

Just to be clear. I REALLY appreciate the advice - I'm clueless and irrational about this stuff, so the more information and options I can get the better. Even if I don't really act sensibly on that advice.

There's a company here called "Leet Geek" or something who fix computer problems - maybe I can get one of them in and point them at this thread.

Steve, don't waste the money on a simple browser install of all things. Go to this link: https://www.google.com/chrome/browser/desktop/index.html (or click here) and then click the blue button to download, then the next blue button to accept the terms of use and install. The installer should take care of all of the rest.

Silver Crusade System Administrator

Steve Geddes wrote:

Or an irrationality bred from a lifetime of poor experiences with computers. :(

I genuinely don't install software (pretty much ever, although I buy apps on my iPad, so hopefully that will still work for me). I buy computers with what I need and use them for years after I should. I can't remember the last time I installed a program (It would have been the 20th century, I think).

Windows Vista is indeed a scosh too old. It has to do with a bunch of builtin security stuff that just isn't there until 7. iPad should work fine as long as it's kept current which it asks you to do pretty often. ^_^ I'd be pretty lost without mine.


Kvantum wrote:
Steve Geddes wrote:

Just to be clear. I REALLY appreciate the advice - I'm clueless and irrational about this stuff, so the more information and options I can get the better. Even if I don't really act sensibly on that advice.

There's a company here called "Leet Geek" or something who fix computer problems - maybe I can get one of them in and point them at this thread.

Steve, don't waste the money on a simple browser install of all things. Go to this link: https://www.google.com/chrome/browser/desktop/index.html (or click here) and then click the blue button to download, then the next blue button to accept the terms of use and install. The installer should take care of all of the rest.

I wouldn't just do that. I think I'll take the opportunity to upgrade the computer (although I should wait until the next windows comes out, by the sound and just use my Ipad for the secure.paizo places until then).

I appreciate the help - it's just that software installing stresses me (even syncing my Ipad is something I put off as long as possible). I'd much rather pay someone to do it and know I'm not going to break anything.


Lissa Guillet wrote:
Steve Geddes wrote:

Or an irrationality bred from a lifetime of poor experiences with computers. :(

I genuinely don't install software (pretty much ever, although I buy apps on my iPad, so hopefully that will still work for me). I buy computers with what I need and use them for years after I should. I can't remember the last time I installed a program (It would have been the 20th century, I think).

Windows Vista is indeed a scosh too old. It has to do with a bunch of builtin security stuff that just isn't there until 7. iPad should work fine as long as it's kept current which it asks you to do pretty often. ^_^ I'd be pretty lost without mine.

As long as I can keep buying stuff here. That was my main worry.

Thanks for the explanations. :)


4 people marked this as a favorite.
Steve Geddes wrote:
I'd much rather pay someone to do it and know I'm not going to break anything.

I hear - and respect - your position. That said, I'm an IT guy and genuinely want to help. The way you're describing your feelings on the matter, it sounds not unlike someone unwilling to use a light switch, because it could go wrong, so they're going to call an electrician to turn on the lights for them.

There are high-risk and low-risk computing activities. Doing an operating system upgrade is fairly high-risk. Updating driver software for things like video cards is also fairly high-risk. Not in terms of data-loss, but in terms of "something is now acting strange and I need help". Installing a simple, massively well-known application such as Chrome or Firefox is very low-risk. They're both applications that are installed on hundreds of thousands of PCs, and while NO software is free of issues, these ones in particular are well-tested.

The odds of you having anything go awry are very, very low. Also, having a second (or third, or fourth) web browser as an option on a PC doesn't remove the first browser. Meaning that if for some reason you can't get Chrome/Firefox to actually work because <massively unlikely> happens, you can still double-click the blue E to run Internet Explorer.

While this isn't physical-world, adding a web browser is basically the digital equivalent of refilling the paper tray on your printer. Yes, it's a "computer task", but... it's not a complicated or risky one. Removing a paper jam... sure, ask for help. Replacing a fuser... sure, ask for help. But filling the paper tray? Mmmm, very much DIY, for anyone.

Final paragraph. Remember, you're a member of a (friendly) community here, many of which are highly technical, and many of which are in IT. I'm certain that many of us would be more than willing to go PM/e-mail and walk you through the something like three clicks it takes to do this task. I expect I speak for a bunch of us that are cringing when you talk about paying someone like us to do this for you. It just feels... wrong, like saying you're going to pay someone to type things for you because something might go wrong with a keyboard if you do it yourself.

Grand Lodge

Pathfinder Adventure, Adventure Path, Pathfinder Accessories, Rulebook, Starfinder Adventure Path Subscriber

I'll be keeping an eye out for the changeover announcement.

Paizo Employee Chief Technical Officer

1 person marked this as a favorite.
Anguish wrote:
Steve Geddes wrote:
I'd much rather pay someone to do it and know I'm not going to break anything.
I hear - and respect - your position. That said, I'm an IT guy and genuinely want to help. The way you're describing your feelings on the matter, it sounds not unlike someone unwilling to use a light switch, because it could go wrong, so they're going to call an electrician to turn on the lights for them.

Running with that light switch analogy, I think Steve's next-to-last post was saying that while he *could* flip the light switch, he has decided that since the house is wired up mainly with these, he might as well just bring in the electrician anyway.

Silver Crusade System Administrator

I'm looking at Thursday unless something goes sideways here that needs a lot of attention.

Owner - House of Books and Games LLC

Vic Wertz wrote:
Anguish wrote:
Steve Geddes wrote:
I'd much rather pay someone to do it and know I'm not going to break anything.
I hear - and respect - your position. That said, I'm an IT guy and genuinely want to help. The way you're describing your feelings on the matter, it sounds not unlike someone unwilling to use a light switch, because it could go wrong, so they're going to call an electrician to turn on the lights for them.
Running with that light switch analogy, I think Steve's next-to-last post was saying that while he *could* flip the light switch, he has decided that since the house is wired up mainly with these, he might as well just bring in the electrician anyway.

Now I want some of those for my house!

Silver Crusade System Administrator

OK. I've just turned off support for TLS version 1.0. Please message webmaster@paizo.com if you have any questions and can't post. Also, remember, if you can download and install the newest chrome or firefox or can upgrade to IE 11, you should be able to get things going. Also, android and iOS will probably need newer versions.


Weird thing just now that may or may not be related:

When I open a new page, I get this dialog box:

Quote:

The page at Paizo.com says:

c

When I click OK, I get:

Quote:

The page at Paizo.com says:

43

This time, I get the option to check a box to stop the page from creating any new dialogs, and once I do that everything seems fine ... until the next time I open a new page.

I'm using up-to-date Chrome (Version 43.0.2357.124 m).


Is this why I get a dialogue window saying nothing but "f" and an OK button, and when i click that away another window saying "39" and then "27"?


I got some messages using Chrome 43, but I was able to turn them off. I can't update Safari at work (ahem, yes, I'm at work) as we use Hackintoshes (ahem) to run older versions of Pro Tools. None of that is your concern. :) Chrome is fine.

Silver Crusade Contributor

Is there a reason that, whenever I load a Paizo page, I get weird popups? First "f" and then a number with "Prevent page from creating additional dialogs".

Silver Crusade System Administrator

No. There was a glitch in the javascript that was supposed to be displaying the warning to people. It wasn't working and we readded TLS v 1.0 to the system and will try it again next week as long as people have warnings.

Silver Crusade Contributor

We are as one in this thing, apparently. ^_^


I just restarted my browser and it seems to be gone now.

Grand Lodge

1 person marked this as a favorite.
Pathfinder Adventure, Adventure Path, Pathfinder Accessories, Rulebook, Starfinder Adventure Path Subscriber

Well, I can still post, and that's what matters. :)


1 person marked this as a favorite.

Got it myself and was a bit concerned since my browser isn't on your list but does support TLS 1.1/1.2. Thought you might be just checking user agent string against your list.

Pale Moon

"Pale Moon: Release notes
24.3.2 (2014-02-11)
An update to implement TLS v1.2, implement a few new features and fix some minor bugs.
Fixes/changes:
New feature: Implemented the TLS v1.1 (RFC 4346) and TLS v1.2 (RFC 5246) protocols for improved https security.
"

I logged in to make sure I still could and then noticed my OS update notifier. Did a restart due to kernel updates (linux) and you had reverted to 1.0 by the time I got back.

FYI current version is 25.5 released today.

Silver Crusade System Administrator

Yeah, we can't do it for every browser out there but the main ones, we can. People who download something less mainstream probably know what they're doing. =)


Well, it turns out the world didnt end. My Internet Explorer 9 is still working fine (although tools/internet options/advanced doesnt let me enable TLS 1.1 or 1.2 - just 1.0).

I can still check my order history and buy stuff and (apparently) post. So that seems good - I'm all for change, provided I dont notice anything different. :)

Silver Crusade System Administrator

Well, we had to roll it back because of some problems with the javascript that was SUPPOSED to warning people. We're going to try it again in a week maybe two. We'll need to gather some concensus.


Ah, that explains it - I thought it a little odd.

Community & Digital Content Director

Now updated with the date we'll be changing this over.

Scarab Sages

As long as I can continue to post inane crap and (hopefully) annoy the living piss out of certain tools, I'm good.


Will I be able to use it with an app called Photon Browser?

Community & Digital Content Director

1 person marked this as a favorite.
♣♠Magic♦♥ wrote:
Will I be able to use it with an app called Photon Browser?

We (the Paizo staff) really can't provide information for compatibility beyond the major browsers available in the list above. Since this is a Flash application with browsing built in, I suggest contacting the developer of the app for TLS information they may have.

Silver Crusade System Administrator

1 person marked this as a favorite.

Additionally https://www.howsmyssl.com/ has a section called Version which will check your compatibility.


Ok. Thanks y'all. :)

I don't suppose the new update will let us set different default aliases for their own threads, will it? XD

Edit: What does it mean if my SSL is Bad, but my TLS is Good?

Edit Edit: Never mind, I think I figured it out.


...ugh, at least with respect to my laptop, having to jump all the way from 10.6.8 to a 10.9 or even 10.10, not sure if I'll just have to replace it outright. >.<


Curious, is Paizo PCI compliant?

Dark Archive

Pathfinder Roleplaying Game Charter Superscriber
Sandslice wrote:
...ugh, at least with respect to my laptop, having to jump all the way from 10.6.8 to a 10.9 or even 10.10, not sure if I'll just have to replace it outright. >.<

You can just switch your browser over to Firefox. No need to replace or really even upgrade the laptop's OS. (But I know the upgrade can be done, as long as the hardware can run 10.10. We upgraded a bunch of our old Macs at work to 10.10 last year from 10.6.8 and 10.7.X.)

Now if you do want to do an OS upgrade, then check this page on apple.com (https://www.apple.com/osx/how-to-upgrade/) for more specific info, including a list of Macs that will support the 10.10 upgrade. (I will say, from personal experience of supporting the older Macs, if you have user-replaceable/upgradeable RAM, max it out for any older Mac going to 10.10. It runs fine, but it's more RAM-hungry than older versions of the OS.)


Adventure Path Charter Subscriber; Pathfinder Rulebook, Starfinder Adventure Path, Starfinder Maps, Starfinder Roleplaying Game Subscriber

I did find this bit quite confusing...

"What browsers does this effect?
... dun dun duhhhh...
• Internet Explorer 11, Recommended 11 and onward (including Microsoft Edge)
..."

So support for IE 11 is going yet IE 11 is recommended - say wha? >.<

Thank god I use Google Chrome!

Just noticed that the title is "what browsers are affected", but the list is actually "what browsers work" - very confuddling!

I guess my question is...

Will this affect Outlook and Email readers when getting a Paizo email with art from a secure Paizo image server?


Vic Wertz wrote:
I think Steve's next-to-last post was saying that while he *could* flip the light switch, he has decided that since the house is wired up mainly with these, he might as well just bring in the electrician anyway.

My house is ~110 years old, and the dining room still has those switches.

And Lissa, thanks for the instruction on how to enable IE 9 for compliance; at home it's a non-issue since I use Firefox, but at the office I'm stuck with IE 9.


Could it be a PCI initiative? ... lol

Silver Crusade

Pathfinder Adventure, Adventure Path, Maps, Starfinder Adventure Path, Starfinder Maps, Starfinder Roleplaying Game, Starfinder Society Subscriber

Just got the email. Hooray! Best practices are the best.*

In the email, I saw that Opera 14 was the earliest Opera that supported the new Paizo security regime. That's a bit of a feat, since it doesn't exist! (They jumped from 12, using Presto, to 15, using Blink.) I think you mean 15, but the 17 at the top of this post might also be right.

* Well, sometimes.


Sean P. Kelley wrote:
Curious, is Paizo PCI compliant?

If not, they will be because of the credit card transactions. I am guessing this is one of the reason why they are discontinuing TLS 1.0 support and I am guessing they are going to 1.2 which currently seems to be PCI's magic version.

Silver Crusade System Administrator

Anderlorn wrote:
Sean P. Kelley wrote:
Curious, is Paizo PCI compliant?
If not, they will be because of the credit card transactions. I am guessing this is one of the reason why they are discontinuing TLS 1.0 support and I am guessing they are going to 1.2 which currently seems to be PCI's magic version.

PCI DSS 3.1 requires that TLS 1.0 be removed. It's the reason we have to force this issue. =) It's always been a medium compliance issue so we've not been out of compliance until this was changed last month.

1 to 50 of 146 << first < prev | 1 | 2 | 3 | next > last >>
Community / Forums / Paizo / Website Feedback / Paizo.com TLS Updates and Your Browser All Messageboards

Want to post a reply? Sign in.