Dropping support for insecure browsers


As of today we are requiring voters and election organizers to connect to Simply Voting using TLS 1.2. The TLS protocol is used by browsers to encrypt communication between the visitor and the website. Its use is indicated by a green padlock in the browser window confirming that the connection is secure. TLS 1.2 is the modern version that supports the latest cryptographic ciphers, and is much more secure than TLS versions 1.0 and 1.1 which have been proven vulnerable to hacking.

By requiring TLS 1.2, older browsers that do not support this version will not be able to access the voting website or Election Manager. Modern TLS is supported by Firefox 28+, Chrome 33+, Opera 19+, Safari 7+, iOS Safari 5.1+, Android Browser 51+ and Internet Explorer 11.

Users stuck on older operating systems such as Windows XP or Mac OS X Mountain Lion may still access Simply Voting by using an alternative browser such as Chrome or Firefox. Users of Windows 7 that for whatever reason are prevented from updating Internet Explorer or installing an alternative browser can manually enable TLS 1.2 on Internet Explorer 8, 9 or 10 by checking it off in the Advanced tab in Internet Options.

After reviewing our logs we’ve determined that on average 0.2% of voters are using insecure browsers. This number will decrease over time as computers are updated, replaced, or have alternative browsers installed. Many large websites such as PayPal have already made this step, and there’s an approaching deadline of June 30, 2018 for websites to require a minimum of TLS 1.1 in order to remain PCI compliant (a security standard which Simply Voting adheres to) so many more will follow. While Simply Voting strives to make the voting system work with all browsers, we also place great importance on security. The time has come to drop support for insecure browsers, to make a safer voting system.