Service announcement: Removal of support for TLS 1.0

Note: we have now extended support for TLS 1.0 beyond the date described here! We described the reasons for this extension in a later announcement post.

On the 22nd of September 2018, we will begin disabling support for TLS 1.0 in connections to Pusher Channels. Please make sure your clients support at least TLS 1.1.

At Pusher, we value security and safety above all else. TLS 1.0 is not as secure as we and many of our customers would like. As time goes on, the standards encourage us to stop supporting less secure versions of TLS. We’ve done this in the past, disabling SSLv3 after the POODLE attack was discovered.

Other companies providing cloud services are doing this too. For example, Cloudflare has also deprecated TLS 1.0. More and more web services will do this over time.

Less than 1% of clients will be affected by this change. Over 99% of TLS connections to Pusher Channels are already using TLS 1.2. We measured this across all Channels clusters. You can find a list of web browser versions supporting TLS 1.1 here. It is also recommended you keep your Pusher HTTP/Websocket libraries up to date.

That is why we have taken the decision to stop supporting TLS 1.0. On the 22nd of September 2018, we will begin disabling support for TLS 1.0 across all our infrastructure. This change will keep our platform safe and secure for our users.

If you have any queries at all regarding this reach out to us at support@pusher.com.