Mapp Cloud: Security Updates TLS 1.2
    • 2 Minutes to read
    • Dark
      Light

    Mapp Cloud: Security Updates TLS 1.2

    • Dark
      Light

    Article summary

    22 Mar 2019 Mapp ends support for Transport Layer Security (TLS) 1.0 and 1.1. Transport Layer Security (TLS) is a cryptographic protocol for secure internet communication. This protocol includes communication servers and web browsers and also between servers, such as for API calls.

    Why?​

    • Mapp has legal and contractual obligations to maintain state-of-the-art security of its services. TLS versions 1.0 and 1.1 have inherent weaknesses and are no longer used.

    • There have been documented attacks against TLS 1.0 using an older encryption method, and the older versions are more vulnerable than TLS 1.2. For more information, see Attacks against TLS/SSL.

    • Most requests for Mapp web services originate from TLS 1.2-compliant systems, with low traffic from TLS 1.1 systems. To ensure secure access to web services, Mapp will not wait for security patches for TLS 1.1 and no longer supports anything older than TLS 1.2.

    • Clients have already asked when Mapp will shut down support for TLS1.0/1.1 after their security audits.

    • For these reasons, support for TLS 1.0 and 1.1 is deprecated as of July 2019. From this point, only TLS 1.2 and future versions are supported.

    When Does This Change Take Effect?​

    July 1, 2019.

    Effective July 1, 2019, all client systems must be compliant with the new Transport Layer Security 1.2 protocol. Otherwise they risk a loss of access to some Mapp Cloud services.

    How Does This Affect You?​

    You are affected if you are using older versions of the browsers, operating systems or application frameworks that are listed in the following tables.

    Browser

    Secure Version

    All

    Mapp always recommends that clients use the latest browser versions as per the System Requirements page in the Mapp Cloud Online Help. See ​System Requirements​.

    For a list of TLS1.2 compliant browsers, click here.

    Tab. : Operating Systems

    Operating System

    Secure Versions

    Windows Server

    Windows Server 2012R2, or later.

    Windows Server 2008 requires TLS1.2 enablement.*

    Windows Desktop

    Windows 8.1, or later.

    Win Vista requires TLS1.2 enablement.*

    Mac OS X

    Mac OS X 10.8 or later

    Linux

    Debian from Version 7 (Wheezy) or newer

    Ubunutu 14.04 (Trusty Tahr) or newer

    Centos / Red Hat Enterprise Linux 6

    SuSE Enterprise Linux 12 or newer

    * TLS 1.1 & TLS 1.2 are disabled by default on released before Windows 8.1. Administrators must enable the settings manually via the registry.

    Refer to this article on how to enable this protocol via the registry: https://support.Microsoft.com/en-us/kb/187498

    Tab. : Application Frameworks

    Framework

    Secure Versions

    Java

    Java 8, or later.

    Java 7, with TLS 1.2 enabled from the app

    .NET

    .NET 4.6, or later

    .NET 4.5, with TLS 1.2 enabled from the app

    PHP

    PHP 5.6 or later + OpenSSL 1.0.1 or later

    OpenSSL

    OpenSSL 1.0.1, or later

    Additional Important Information​

    If you do not update your affected browser, operating system, or application framework, you can lose access to Mapp services.

    Possible Problems

    • “https” links in messages that are sent from Mapp Cloud do not work when used in old browsers that do not support TLS protocols of TLS 1.2 or higher.
      Outbound emails are in TLS 1.2, where possible. Only 0.8% of outgoing mail traffic is impacted here.

    • Systems that send API calls and still use API interfaces before TLS 1.2 do not work.
      For the operating systems, browsers, and application frameworks or interfaces that support TLS 1.2.

    • Inbound messages or replies sent from clients who do not support TLS protocols of 1.2 or higher do not reach Mapp Cloud and are dropped.

    • Outbound emails are sent in TLS 1.2, where possible. Only 0.8% of outgoing mail traffic is impacted here.

    For more information, contact your Account Manager.


    Was this article helpful?