Security Enhancements for Springer Nature Platforms including SpringerLink
We are continuing to take steps to move towards a more secure web browsing experience for our users by removing support for any version of Transport Layer Protocol lower than 1.2. The support will end on May 31, 2018. It might be possible that some users may be negatively impacted if they are using unsupported web browsers or unsupported services. Web traffic analysis suggests that a small amount of all visitors could be affected by this change.
The information shared below will help to determine if there are steps you may need to take at an institutional level to ensure access continues uninterrupted for your patrons. Also, please note that this change is applicable to all Springer Nature websites (such as SpringerLink, Nature.com, Biomed Central, Palgrave and others).
What is Transport Layer Security protocol?
In short it is an important piece of security enabling privacy and protection for data transmitted between client / server applications. TLS version 1.0 was introduced in 1999 and it is no longer as secure as later versions, namely v1.2 released in 2008. In order to be compliant with mandated security changes Springer Nature will be dropping support for TLS below v1.2 starting May 31, 2018. All clients able to speak TLS v1.2 will be considered safe and thus allowed to communicate with our servers. We’ve provided some links at the end of this communication for you to learn more about this protocol.
What does removing this support mean for you and your users?
For most users there will be no noticeable change except improved security. TLS v1.2 has been supported by all major browsers since 2016 and is activated by default in the settings. Mobile browsers running on older smart devices and end-of-life machines are the most likely to be affected.
What do you need to do to ensure you can continue to access Springer Nature websites on May 31, 2018 and beyond?
It depends on your browser. There are ways to check for Chrome, Firefox, Safari, Internet Explorer, Opera, Edge, and others. However as a rough guide, browsers or technologies of the following specification or lower will no longer work on Springer Nature sites:
- Android 4.3
- Baidu Jan 2015
- IE7 / Vista
- IE8 / XP
- IE 8-10 / Win 7
- IE 10 / Win phone 8.0
- Java 6u45
- Java 7u25
- OpenSSL 0.9.8y
- Safari 5.1.9 / OS X 10.6.8
- Safari 6.0.4 / OS X 10.8.4
What about proxy or proxy services?
If you use a proxy service you will need to check with your proxy provider or IT staff to make sure your proxy uses TLS v1.2 when communicating with our websites. We understand many of our customers use EZproxy and as such we’ve already communicated this change with OCLC. They have updated the stanza for SpringerLink stating EZproxy version 6.1.16 or later is required to proxy with SpringerLink.
OCLC advised us that the only version of EZproxy that they still support, that is not compliant with TLS 1.2 is version 6.0.8. If you are running EZproxy locally that is older than version 6.1.16 it may not work to proxy on TLS v1.2. Please contact OCLC for further information if either of these scenarios apply to you.
If you have any concerns please refer to our help pages at springeronlineservice.freshdesk.com where you can also submit a query for our Digital Customer Service team.
|OCLC||SpringerLink||General Information about TLS|