*Note - a previous version of this article mentioned 1 March 2018 as the cut-off date.  This has been moved back to 31 May 2018


We are continuing to take steps to move towards a more secure web browsing experience for our users by removing support for any version of Transport Layer Protocol lower than 1.2.  The support will end on 31 May 2018 and will not be reversible.  It might be possible that users within your organization may be negatively impacted if you are using unsupported browsers or unsupported services, such as EZProxy.  Web traffic analysis suggests that less than 5% of all visitors could be affected by this change.


What is Transport Layer Security protocol?

In short it is an important piece of security enabling privacy and protection for data transmitted between client / server applications.  TLS version 1.0 was introduced in 1999 and it is no longer as secure as later versions, namely v1.2 released in 2008.  Springer Nature will be dropping support for TLS below v1.2 starting 31 May 2018. All clients able to speak TLS v1.2 will be considered safe and thus allowed to communicate with our servers.  We’ve provided some links at the end of this communication for you to learn more about this protocol.


What does removing this support mean for you and your users?  

For most users there will be no noticeable change except improved security.  TLS v1.2 has been supported by all major browsers since 2016 and is activated by default in the settings. Mobile browsers running on older smart devices and end-of-life machines are the most likely to be affected. 


What do you need to do to ensure you can continue to access Springer Nature websites on 1 March 2018 and beyond?  

It depends on your browser.  There are ways to check for Chrome, Firefox, Safari, Internet Explorer, Opera, Edge, and others.  However as a rough guide, browsers or technologies of the following specification or lower will no longer work on Springer Nature sites:


  • Android 4.3

  • Baidu Jan 2015

  • IE7 / Vista

  • IE8 / XP

  • IE 8-10 / Win 7

  • IE 10 / Win phone 8.0

  • Java 6u45

  • Java 7u25

  • OpenSSL 0.9.8y

  • Safari 5.1.9 / OS X 10.6.8

  • Safari 6.0.4 / OS X 10.8.4    


What about proxy or proxy services?  

If you use a proxy service you will need to check with your proxy provider or IT staff to make sure your proxy uses TLS v1.2 when communicating with our websites.  We understand many of our customers use EZproxy and as such we’ve already communicated this change with OCLC.  They have updated the stanza for SpringerLink stating EZproxy version 6.1.16 or later is required to proxy with SpringerLink. 


OCLC advised us that the only version of EZproxy that they still support that is not compliant with TLS v1.2 is version 6.0.8.  If you are running EZproxy locally that is older than version 6.1.16 it may not work to proxy on TLS v1.2.  Please contact OCLC for further information if either of these scenarios apply to you.


If you have any concerns please refer to our help pages or submit a query to our Digital Customer Service team here 


Additional Resources:

SpringerLink Stanza (OCLC)

Security Suppor (OCLC)


SpringerLink

Configuring a Proxy to work with SpringerLink


General Information about TLS

https://en.wikipedia.org/wiki/Transport_Layer_Security

https://www.techopedia.com/definition/4143/transport-layer-security-tls

https://www.w3.org/2001/tag/doc/web-https