A new browser version has been deployed to all users. They cannot access the secure time-card SaaS; rolling back to the older version restores access. What is the most likely cause of the security error?

• A. SSL certificate expiration on the SaaS load balancers.
• B. Federation issues between the SaaS provider and the company.
• C. Obsolete security technologies implemented on the SaaS servers.
• D. Unencrypted communications between the users and the application.

Answer: (C)

This question hinges on how modern browsers enforce stronger security during the TLS handshake and how servers using older security configurations interact with those requirements. A new browser version often disallows weak encryption and older TLS versions. If the SaaS servers still rely on obsolete security technologies (old TLS versions or weak ciphers), the handshake can fail and access is denied. Downgrading the browser back to a version that supports those older security methods allows the connection to succeed again, which is why rolling back fixes the problem.

An expired SSL certificate would block access regardless of the browser version, so that wouldn’t be resolved by rolling back the browser. Federation issues would affect identity/trust flows rather than the encryption handshake. Unencrypted communications would be flagged or blocked by modern browsers as insecure, not specifically tied to just the browser version upgrade.