Vimeo has made a new statement about the situation with deprecated TLS protocols on one of their CDN providers. A Vimeo employee, Dana Cacciatore, has stated in this forum thread:
Our CDN provider has just implemented a fix that should restore playback functionality on older browsers and applications.
Please note that this is only a temporary fix. The deprecation plan of TLS 1.0/1.1 is mandated by the PCI Security Standards Council and will force numerous providers across the internet to adjust according. Our team will be working on a communication plan that outlines specific details for users who access Vimeo on older browsers and devices.
In the last few days, some of you may have noticed that the Vimeo-hosted videos are not playing on older Android devices – specifically the versions 4.x. and lower.
The reason for this is that one of Vimeo’s CDN providers, Fastly, is deprecating the versions 1.0 and 1.1 of the TLS protocol. As Tommy Penner from Vimeo’s support team said in this thread:
“Deprecation of TLS 1.0 and 1.1 affects Vimeo-hosted image and video file assets served from Fastly. In the immediate future, requests to Vimeo and the Vimeo API will continue to respond as expected, however links to images and video files served from Fastly that are returned in API responses may return errors. To continue uninterrupted usage, and to better secure your application, your application or client must be upgraded to TLS 1.2.”
The browsers on which you can experience the failing videos include Google Chrome and all the native browsers based on WebKit. We have also tested iOS devices as far as to iOS 5, and although it worked, we had some reports of issues on OS X. We found out that the issue can affect Safari on OS X 10.6.8 and lower. The simplest solution right now is to suggest the users to download and use the Firefox browser.
It is probable that Vimeo will solve the issue with their CDN in the upcoming days. In the meanwhile, users with Android version lower than 5 and browser other than Firefox will get this message after the video fails:
At this point, pushing users to download and use a new browser might seem like too much. But the fact is, that more and more services will be deprecating the support of the TLS versions below the actual 1.2, and users with old devices will start to have more and more difficulties with their browsing. This can be a preliminary precaution.