The ARRL website updated its security software on October 15 in order to meet standards required to continue accepting credit cards for internet purchases. ARRL Information Technology Department Manager Mike Keane, K1MK, said that the upgrade should not affect the vast majority of members, beyond a guarantee of better security on the website. It’s possible that those using old browsers or running outdated operating systems could encounter a browser error message when trying to log in or make a purchase on the website. To check if your browser will be affected by this change, you can use the “How’s My SSL?” website to advise you of your browser’s version. Also affected by the upgrade was the ability of certain logging software running under Windows 7, 8, and 10 to continue downloading ADIF reports from Logbook of The World (LoTW). Uploads via TQSL are not affected.
“Affected users should report the issue to their logging application software vendor,” Keane said. “In several cases, logging application vendors have already released updates of their products that resolve the problem.”
Keane said the security update and any possible disruption in service are for the sake of progress, “and represent the reasonable efforts that our members expect from us in order to secure their private information.” The updates completed this week were mandated security-related changes that allow ARRL to continue to accept credit cards for purchases and memberships via the website. “These security changes are no different than what is required by other organizations and vendors performing online transactions,” Keane noted.
The updates were carried out in order to comply with PCI Security Standards Council requirements. All payment processors, merchants, service providers, and other stakeholders must use TLS 1.1 or higher to ensure the transmission and receiving of secure communications. TLS is a cryptographic protocol that provide authentication and data encryption between different endpoints (e.g., a client connecting to a web server). On October 15, ARRL disabled support for the outdated TLS 1.0 protocol.
Among the browsers that are safe to continue using are Google Chrome 30 or higher (version 40 or higher recommended), Mozilla Firefox 27 or higher (version 34 or higher recommended), Microsoft Internet Explorer 11 or higher, Apple Safari 7 or higher (Safari 5 or higher on mobile), all versions of Microsoft Edge, and Opera 17 or higher (version 27 or higher recommended).