Security Upgrade Notice: Update Browser and .NET to TLS 1.2 or higher.

As of May, 2018, SecueDock will remove all support for the protocols TLS 1.0 and 1.1. After this date, any SecureDock partner or customer whose browser or API client does not support TLS 1.2 will find that their SecureDock applications will not work. Going forward, all new users will be required to use use TLS 1.2. or higher.

For the best security, SecureDocck recommends upgrading to TLS 1.2 as soon as possible for your organization. This means that if you currenty running any old or new version of Mircorsoft Windows, then you should be running the most recent version of .Net framework, as well the most recent version of your preferred internet browser.

Important: Please ensure that your technical teams upgrade to at least .NET 4.5 to ensure you support TLS 1.2.

What is TLS?

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third-party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

How to Check If You Are Affected:

To check your browser for TLS 1.2 support: Visit the SSL/TLS Capabilities testing page.

To check your .NET version (using IE): Visit the “Do you have .NET?” web page.

Why is SecureDock Upgrading to TLS 1.2?

Here at SecureDock, your security is of our utmost importance. In order to continue delivering high-quality and secure solutions to our users, we must continuously observe and adjust our systems according to the latest and greatest security standards and protocols.

TLS 1.0 is no longer secure. Exploits now exist to downgrade a connection based on TLS 1.0 to an older version of the protocol. There is no active exploit affecting all of TLS 1.1, but the downgrade attack works on some versions and installations and academically speaking, TLS 1.1’s hash functions are under threat.

If you are using an older SSL/TLS protocol revision you may be putting yourself at risk with the possibility that someone else may be sitting on the line and taking in your data while absolutely nothing about the connection indicated it. A compromised secure connection is no different from an insecure connection, but may give a false sense of security.

The revision and deprecation of protocols is an expected, occasional thing, as encryption techniques improve and processing speeds increase over time. This deprecation and notice is for our customers’ security. Anyone keeping up with the latest developments will already be secure, but those who have not kept up to date could end up using an insecure method.

Who Will Be Affected by the TLS Upgrade?

There are two primary parties who will be affected:

  1. Anyone running older internet browser versions. If you are not keeping up with the latest browser updates, everything you do online is at risk! Read this article for a detailed table showing the TLS support (as well as other security features) of the most commonly used desktop and mobile browsers: https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
  2. Anyone running older builds of .NET or other environments that do not support TLS 1.2.
    Note: It is necessary to upgrade to at least .NET 4.5 to have support for TLS 1.2.

As always, the recommendation remains to use the most recent version of whichever web browser is available to you for the most up-to-date and secure browsing experience.

Technical Resources:

TLS 1.1 Spec: http://tools.ietf.org/html/rfc4346

TLS 1.2 Spec: http://tools.ietf.org/html/rfc5246