All connections to Click & Pledge payment pages use a secure web connection as indicated by the "https" and/or Green Padlock in the address bar. There have been different communications configurations (Protocols) used over the years to create a secure connection. Unfortunately, some of the older ones are no longer secure.
SSL 2.0 and 3.0, and TLS 1.0 are vulnerable to "Man-in-the-middle-attacks". This vulnerability is known as the "POODLE" vulnerability, which was a major topic in the media in the last quarter of 2014. At the time only affected SSL 2.0 and 3.0. It was later determined that TLS 1.0 was susceptible to a similar means of attack.
In order to maintain a secure connection for our customers, Click & Pledge disallowed SSL 3.0 on all systems in November 2014. We have also phased out the use of TLS 1.0 over the last few months as browser vendors released versions that provided for TLS 1.1 and 1.2 support.
At this time (August 2015), the vast majority of browsers connect with TLS 1.1 or above by default. However, some donors are still using older browsers. Because IE 9 and earlier versions of Internet Explorer do not have the capability of using TLS 1.1 and 1.2, they are no longer supported by Click & Pledge.
While IE10 does not connect to checkout pages and connect widgets by default, it can work if configured to allow TLS 1.1 and 1.2 connections. Making the following setting changes in your IE10 web browser will not only allow you to view Click & Pledge payment pages, it will make https connections to other sites safe and secure.
To enable these settings in Internet Explorer:
- Select "Tools" > "Internet Options".
- NOTE: Depending on your IE settings, the "Tools" menu may be a gear icon in the upper right hand corner.
- Go to the "Advanced" tab.
- Scroll down to the "Security" section.
- Locate and CHECK the following secure connection protocols
"Use TLS 1.1"
"Use TLS 1.2".
- Insure that the following security protocols are UNCHECKED:
"Use SSL 2.0"
"Use SSL 3.0"
"Use TLS 1.0"
- Compare this image with your settings and make sure the "Use SSL" or "Use TLS" settings match
- Press the "OK" button.
You should now be able to view Click & Pledge payment pages and widgets.