I'm in a bit of a dilemma with security and compatibility being at odds with each other. In order to mitigate the growing list of security problems with TLSv1, I need to disable version 1 on our server (I know how to do this, so this is not a server issue). The problem is, IE 9 and 10 do not support TLSv1.1 or TLSv1.2 by default. These can be turned on manually in Internet Options/Advanced/Security.
And there's the problem: it has to be enabled manually. Asking users to go through this process in order to use our sites will most likely end up in a lost sale. And if a customer disables something that should not be disabled in the security settings, that can lead to more problems for them.
Where's the middle solution here? Most of our traffic is on IE 10. Disabling TLSv1 will shut those customers out. Does anyone know if there's an update around the corner that might enable v1.1 and 1.2 by default?
Thank you in advance.