LuxSci will be performing a reboot of rs126.luxsci.com so that hardware a maintenance update can take effect. Customers can expect 5 - 10 minutes of downtime on the shared web server sometime during the maintenance window.

Should an unexpected issue arise, LuxSci staff will be there to address it.
Posted on Dec 13, 21:37 EST

Update June 17th, 2019: LuxSci has pushed back the general date of the transition to TLS 1.2 only support to January 1st, 2020.  This matches the timeline set my most browser vendors and others for abandoning the old versions of TLS and gives existing customers more time to upgrade their systems.  However, new dedicated LuxSci customers will be placed on servers that support only TLS 1.2+ starting this week.  The rolling update window is now January 1st through January 31st, 2020. 

That said, LuxSci will still be transitioning to requiring TLS 1.2+ support for email transmission ("Forced TLS") during the July-August, 2019 window.

Additionally, any dedicated customer that would like to transition to TLS 1.2+ sooner, may do so at any time my asking LuxSci support.

See the original blog post: LuxSci to upgrade all Systems to support only TLS v1.2+ only

---------------------------------------------

LuxSci will be removing support for TLS v1.0 and TLS v1.1 from its services starting July 1st, 2019. This update will be a rolling change to all servers that will take place between July 1st and August 31st, 2019.

TLS v1.0 and TLS v1.1 are very old transport security protocols that have been succeeded by the much more secure TLS v1.2, which came out way back in 2008. All major web browsers released in the last 6+ years support TLS 1.2. Older web browsers may or may not support it (check your browser - https://www.projectdatasphere.org/projectdatasphere/html/tls/faq); however, less than 1% of web traffic across the world actually use the older protocols TLS 1.0 and 1.1.

TLS 1.0 and 1.1 are showing their age and security weaknesses have been cropping up for a while. Requirements for PCI compliance have mandated using TLS 1.2+ only since last summer and NIST best practices for TLS usage suggest moving away from older versions of TLS soon. LuxSci has been locking down dedicated customers that require use of only TLS 1.2+ for some time as well. In 2020, most major web browser vendors will be completely dropping support for TLS 1.0 and 1.1 as well. See: https://www.bleepingcomputer.com/news/security/tls-10-and-tls-11-being-retired-in-2020-by-all-major-browsers/

So, it really is time to give up the ghost. During the rolling maintenance period of July and August, LuxSci will be removing TLS 1.0 and 1.1 support on all dedicated and shared servers. This change affects:

* Web site hosting (i.e., what TLS versions your LuxSci-hosted web site will accept).
* Email sending via SMTP
* Email checking via POP and IMAP
* LuxSci's WebMail and administration portals
* LuxSci's Spotlight Mailer interface
* LuxSci's SecureForm for posting services
* Connections to LuxSci's APIs
* Email open and click tracking
* SMTP Forced TLS. We will only support forced outbound TLS with SMTP servers that support TLS v1.2+. We may still support opportunistic TLS with legacy SMTP servers; however, we will no longer consider such communications to be secure enough for compliance.

In general, most customers will not notice any difference. However, if you use old, legacy systems, you will want to be sure that you either (a) upgrade your systems, or (b) ensure that your systems will support TLS 1.2 for connections to LuxSci's servers.

For customers with dedicated servers that do not have specific compliance requirements (i.e., HIPAA or PCI), LuxSci can leave your server supporting TLS 1.0 and 1.1 through December 31st , 2019. If you require this extension, please contact LuxSci technical support.
Posted on Apr 8, 13:36 EDT

During February, 2020, LuxSci will be removing all legacy support for logging into accounts without the use of TLS encryption.

Certain LONG-time legacy customers who do not have specific security or compliance requirements have a grandfathered ability to enable their users to login to specific services without TLS encryption -- i.e., in plain text. Often, this capacity was used to support legacy hardware devices (e.g., printers and scanners) that did not support TLS.

This grandfathered insecure login permission is being globally removed during this maintenance window. No one should be considering using any system that sends credentials of any kind "in the clear" across the public internet, no matter what the legacy reason. After all these years, the majority of equipment and software finally does support TLS so the barrier to better security is minimal.

Any legacy LuxSci customer that is currently using insecure logins for POP, IMAP, SMTP, or FTP should update their systems to use the secure alternatives before February 1st, 2020. Once the servers are updated, such connection attempts will begin to fail.

LuxSci will be auditing its customers and sending direct notices to those that have recently made insecure connections to alert them to this forced change.
Posted on Nov 26, 14:58 EST

During the month of March, 2020, LuxSci will be upgrading all servers still running MariaDB v5.5 to v10.2. This upgrade is happening because MariaDB v5.5 is reaching its end of life and will stop receiving security updates after April 11th, 2020 (See: https://mariadb.org/about/)

This maintenance will be performed in a rolling fashion and, in general, only a few seconds of database downtime is expected as each server is updated. Your server could be updated at any time during the month.

If you would like to have your server upgraded before March, or if you would like to upgrade to MariaDB v10.4 instead, please contact support. We are upgrading to v10.2 in general as it is well used, very stable, and supported for two more years. Additionally, upgrades to v10.4 may require a longer downtime due to changes in InnoDB table format support.

While there is little downtime and impact expected from the database migrations, it is possible that your web applications may be using a feature of MariaDB v5.5 that is no longer available in v10.2, breaking your application. It does not seem like there are many backwards incompatible changes; however, we recommend that administrators review the following pages and check with their developers to make sure that there are none that apply to them:

- https://mariadb.com/kb/en/library/upgrading-from-mariadb-55-to-mariadb-100/
- https://mariadb.com/kb/en/library/upgrading-from-mariadb-100-to-mariadb-101/
- https://mariadb.com/kb/en/library/upgrading-from-mariadb-101-to-mariadb-102/

If you have any questions, please contact LuxSci support.
Posted on Dec 9, 12:04 EST