
Deprecating TLSv1.0 and TLSv1.1

February 25, 2021
By Aaron Couts

In order to strengthen the security of our API platform, we are discontinuing support for Transport Layer Security (TLS) 1.0 and TLS 1.1 on the TowerData API on April 6, 2021.

Google, Microsoft, Cisco, Apple, and Mozilla have already ended browser support of TLS 1.0 and 1.1 as of March 2020. TowerData has carefully reviewed this upgrade to its TLS standards in line with the industry best practices and proposed deprecation by the Internet Engineering Task Force (IETF). TowerData’s client portal (https://instantdata.towerdata.com) already has this update in place.

Please ensure that you are using TLSv1.2 and above to avoid any disruption in your access to the TowerData API.  This change will affect all connections to the following endpoints:

We’ll be performing this update on April 6, 2021.

In all likelihood, your systems are already up to date and using TLS 1.2. You can confirm this with the checks below.

Linux:

$ openssl ciphers -v | grep TLSv1.2

...

ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD

...

The output should show TLSv1.2 ciphers with at least one overlap with the list of supported ciphers below.  If not, you’ll need to upgrade to a newer version of OpenSSL (v1.0.1 or later).

See: https://www.openssl.org/
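The overlap check described above can be scripted. This is an added example, not TowerData's code: the function names and the sample output are constructed for illustration, and the cipher names are copied from the "Supported ciphers" list on this page.

```shell
#!/bin/sh
# Cipher names copied from the "Supported ciphers" list on this page.
SUPPORTED_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 \
ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA \
ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 \
ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA \
ECDHE-ECDSA-AES256-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA \
AES256-GCM-SHA384 AES256-SHA256 AES256-SHA"

# Constructed sample of `openssl ciphers -v` output (not captured from a real host).
SAMPLE_OUTPUT="ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1"

# tls12_overlap (hypothetical helper): reads `openssl ciphers -v` output on
# stdin and prints each suite that is tagged TLSv1.2 and is on the list above.
# Column 2 is the minimum protocol version for the suite, so older CBC-SHA
# suites show as SSLv3 or TLSv1; like the page's grep, only TLSv1.2 rows count,
# because they show that the local library implements TLS 1.2 at all.
tls12_overlap() {
    awk -v list="$SUPPORTED_CIPHERS" '
        BEGIN { n = split(list, names, " "); for (i = 1; i <= n; i++) ok[names[i]] = 1 }
        $2 == "TLSv1.2" && ($1 in ok) { print $1 }
    '
}

# has_tls12_overlap (hypothetical helper): exit status 0 when stdin contains
# at least one matching suite, non-zero otherwise.
has_tls12_overlap() {
    [ -n "$(tls12_overlap)" ]
}

# On a real host:  openssl ciphers -v | tls12_overlap
```

An empty result from `openssl ciphers -v | tls12_overlap` means the local OpenSSL has no TLS 1.2 suite in common with the API and needs upgrading.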

Windows:

If you’re running Server 2008 or 2012, TLS 1.2 support was not available by default, so make sure the relevant updates are installed. If you’re running Server 2012 R2, 2016, or newer, TLS 1.2 should already be installed and enabled by default.

See: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

Testing:

You may test your system’s ability to connect via TLS 1.2 with this endpoint: https://testtls.towerdata.com

This test site is not a functioning API.  It will return an empty JSON string (“{}”) for all requests.  It is not running on the same platform as our production API, but it is using an identical cipher suite.  So it should only be used for testing your system’s ability to connect via TLS 1.2.

$ curl https://testtls.towerdata.com/

{}

Supported ciphers:

ECDHE-ECDSA-AES128-GCM-SHA256

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-ECDSA-AES128-SHA256

ECDHE-RSA-AES128-SHA256

ECDHE-ECDSA-AES128-SHA

ECDHE-RSA-AES128-SHA

ECDHE-ECDSA-AES256-GCM-SHA384

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-ECDSA-AES256-SHA384

ECDHE-RSA-AES256-SHA384

ECDHE-RSA-AES256-SHA

ECDHE-ECDSA-AES256-SHA

AES128-GCM-SHA256

AES128-SHA256

AES128-SHA

AES256-GCM-SHA384

AES256-SHA256

AES256-SHA

Please contact support@towerdata.com (646-742-1771 x3) with any questions.

References:

https://tools.ietf.org/id/draft-ietf-tls-oldversions-deprecate-06.html

https://security.googleblog.com/2018/10/modernizing-transport-security.html

https://docs.microsoft.com/en-us/office365/troubleshoot/o365-security/tls-1-2-in-office-365-gcc

https://support.umbrella.com/hc/en-us/articles/360033350851-End-of-Life-for-TLS-1-0-1-1-
