Go full SHA-256 by June or get locked out


February 17, 2016

Online businesses in the UK will have to update their systems and adopt SHA-2 before June in order to avoid losing access to vital payment and money transfer services.

Failure to change before a 13 June deadline will leave merchants unable to use Bacs Payment Schemes Limited (Bacs) to make salary or supplier payments or to collect by direct debit. The UK banking payments service has given notice that in intends to lock out laggards from using secure websites by dropping support for obsolete crypto protocols, as explained below.

From 13 June 2016, Bacs is adopting the new security, called SHA-256 SSL. At the same time as this change is being made, Bacs will withdraw support for older connection protocols to provide even more protection for the communications pipeline between the internet-based service access points, Bacstel-IP and the Payment Services Website, and the service user. After 13 June 2016, only TLS 1.1 and 1.2 will be supported.

Read full story…