As part of our ongoing efforts to improve security on Flywheel, we’ve made some changes to the security and encryption technologies we support on sites that have an SSL certificate enabled. This includes both Simple SSL via Let’s Encrypt™, and BYO (Bring Your Own) SSL certificates purchased from third-party providers.
Previously, we supported TLS 1.0, 1.1, and 1.2, as well SSL versions 1, 2, and 3. We also supported all the cipher suites included in those standards. This ensured that we didn’t “lock out” users with older browsers.
However, part of our promise to Flywheel users is that we keep sites up-to-date and secure, and eventually, backwards compatibility began conflicting with that promise. Older cipher suites and security versions are vulnerable to security exploits, and no longer meet the requirements of PCI-compatibility scans that many of our eCommerce customers have to perform quarterly. Therefore, we’re now following best practices for the industry and intend to continue doing so going forward.
As of January 2017, sites on Flywheel with SSL enabled will no longer support SSL 1/2/3, or TLS 1.0 and 1.1. Additionally, we no longer support “legacy ciphers” that are now considered insecure.
For those interested in the specifics, the following is a list of ciphers that Flywheel does continue to support:
Flywheel users don’t need to do anything differently or make any changes; this upgrade is automatic. As long as your site’s visitors are using a fairly modern browser (listed below), the change will be invisible.
That means the vast majority of your site’s visitors (and possibly all of them) will notice no difference whatsoever. Modern browsers account for all but a tiny percentage of all internet traffic. The small number of users who may be affected are likely using extremely outdated browsers, and should upgrade as soon as possible for many other reasons anyway.
All of the following browsers fully support TLS 1.2 and the above cipher suites:
If you do have a need to keep older protocols and ciphers active on your site, submit a ticket and we can put an exception in place for you. Just note that this is not as secure, and may cause your site to get a lower score on security tests like PCI compliance.
The most commonly asked questions, and a few we just think you should know.26 Articles
Questions that don't fit elsewhere, or those about Flywheel in general.59 Articles
Everything you need to know to get your first Flywheel site up and running.16 Articles
Details about how to manage DNS and point your domain names at Flywheel.13 Articles
Questions relating to payments, billing and managing your account on Flywheel.13 Articles
Learn everything there is to know about what Blueprints are, how to create them and how to make the best use of them.5 Articles
How to access your WordPress database to make changes and update content.3 Articles
Everything you need to know about our amazing, free local WordPress development software for Mac and PC.6 Articles
Everything you need to know about managing your team with our Organizations feature.8 Articles
Which plugins work best, which plugins work worst, and everything in between.7 Articles
Details about everything Flywheel does to makes your site so secure.13 Articles
Information on setting up and troubleshooting with SFTP connections and file transfers.4 Articles
All there is to know about our free, automatically installed and activated SSL certificates.9 Articles
How to get the most out of Staging, which allows you to duplicate a site, make changes, and then push those changes to the live site.7 Articles
Everything you need to know about our Whitelabel subscriptions for branding and reselling Flywheel.4 Articles