Deprecating TLSv1 and TLSv1.1

In a constant effort to make our products more secure, Digication will be disabling support for Transport Layer Security (TLS) v1 and v1.1, effective March 1, 2019. These versions lack support for current and recommended cipher suites, and various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions. TLSv1.2 has been the recommended version for IETF protocols since 2008, providing sufficient time to transition away from older versions. We are urging schools to upgrade to TLSv1.2 before this date. Please read below to determine if you are affected and, if so, how to start making preparations for the change. 

Impacts

The types of traffic which would be impacted include:

  • Digication product web interfaces viewed in a browser
  • Calls to API endpoints
  • Any other HTTPS traffic not listed here

Many of the HTTPS requests to Digication already use the newest version of TLS, v1.2. This includes requests from all recent versions of our supported browsers. However, some requests come from remote systems, scripts, and programs which interact with our APIs and which use older versions of Java, PHP, OpenSSL, .NET Framework, RestSharp, NING or Python’s ssl module when negotiating the secured connection to Digication. All of these will be unable to connect once we disable TLSv1 and TLSv1.1.

How to tell if you will be affected by this change

We plan to contact some teams and users directly, based on what we find in our logs. However, we recommend that you check to make sure that everything you use to connect to Digication supports TLSv1.2. This includes (but is not limited to) your browser, server systems, API clients, and anything else that may be linked to our products.

The following list is an overview of items which may or may not affect you. 

  • Browser connections to Digication are probably unaffected, unless you use a very old browser. Wikipedia has a chart detailing TLS support in Web browsers, and you should be able to check your browser’s version there. Some browsers also make connection details visible in the developer tools or by clicking the padlock icon in the address bar.
  • Java-based systems that connect to Digication may be affected; you will need to check the underlying version of Java. JDK 8 is unaffected; JDK 7 versions 1.7.0_131-b31 and later are unaffected; JDK 7 versions earlier than 1.7.0_131-b31 are affected; and JDK 6 and older are affected.
  • Python-based systems that connect to Digication may be affected; if you don't have Python >= 2.7.9 and OpenSSL >= 1.0.1, you will need to upgrade your Python environment. The change to the ssl module was only backported to 2.7.9.
  • Verify that PHP and libcurl versions are up to date and support TLS 1.2. Also, please ensure you have not configured your code to force TLS 1.0 or 1.1. The libcurl constant looks like this: CURL_SSLVERSION_TLSv1. If this is set, you will want to remove it.
  • Command line tools on UNIX-based systems (including macOS, Linux, and all BSDs) may be affected. 
  • If you have an API client that queries a Digication product, then please check that the libraries your client uses support TLSv1.2 at a minimum.

Next Steps: You have an affected library or client, or Digication has informed you directly that you will be affected by this change 

If you believe that your runtime or your machine is preventing the negotiation from going above 1.0, you can write a script that calls the URL https://www.howsmyssl.com/a/check, which returns some JSON information about the connection, and then prints out the TLS version that was used. Such a script should be set to allow the negotiation process to choose the best option (TLS 1.2); if you are not seeing 1.2, then some language or machine dependency does not support a modern enough version.
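One way to write the check described above in Python 3, as an added example that is not Digication's own script. It assumes the response carries a "tls_version" field such as "TLS 1.2"; the function names and the sample body are constructed for illustration. It also reports the local OpenSSL build against the 1.0.1 minimum named in the Python item above.

```python
import json
import ssl
import urllib.request

CHECK_URL = "https://www.howsmyssl.com/a/check"  # URL given in the article
MIN_VERSION = (1, 2)  # TLSv1 and TLSv1.1 are the versions being disabled

# Constructed sample body, trimmed to the single field this script reads.
SAMPLE_BODY = b'{"tls_version": "TLS 1.2"}'


def parse_tls_version(body):
    """Turn the JSON body into a comparable tuple, e.g. "TLS 1.2" -> (1, 2)."""
    label = json.loads(body.decode("utf-8"))["tls_version"]
    if not label.startswith("TLS"):
        return (0, 0)  # SSLv3 or an unknown label sorts below every TLS version
    major, _, minor = label.split()[-1].partition(".")
    return (int(major), int(minor or 0))


def is_affected(version):
    """True when the negotiated version is one of those being disabled."""
    return version < MIN_VERSION


def local_tls_support():
    """Describe what the local ssl module was built against."""
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "openssl_at_least_1_0_1": ssl.OPENSSL_VERSION_INFO[:3] >= (1, 0, 1),
        "has_tls12_constant": hasattr(ssl, "PROTOCOL_TLSv1_2"),
    }


def check_connection(url=CHECK_URL):
    """Connect with default settings so the handshake picks the best version."""
    context = ssl.create_default_context()  # no version is pinned here
    with urllib.request.urlopen(url, context=context, timeout=10) as resp:
        return parse_tls_version(resp.read())


if __name__ == "__main__":
    print(local_tls_support())
    negotiated = check_connection()
    print("Negotiated TLS %d.%d" % negotiated)
    print("AFFECTED: upgrade needed" if is_affected(negotiated) else "OK")
```

Run it on the same machine and runtime that connects to Digication, since the result reflects that environment's TLS library rather than the network path.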

Please upgrade anything that is affected before March 1, 2019. The exact details of your upgrade will depend on what you use and how it’s installed. We don’t have enough room here to list all the different combinations, unfortunately, but we hope that the section above will point you in the right direction. We’ll remind everyone as March 1 approaches, but if you discover that you are affected, then you need to start planning now.

Keeping your Digication product experience secure is a priority for us. We understand that system upgrades can be complicated, especially on shared systems. We appreciate your support and patience as we disable older versions of TLS in the coming months. 

As always, please contact our support team if you need additional information or ask questions in the comments below! 
