Mapp Cloud: Security Updates TLS 1.2
Mapp ends support for Transport Layer Security (TLS) 1.0 and 1.1. Transport Layer Security (TLS) is a cryptographic protocol for secure internet communication. This protocol includes communication servers and web browsers and also between servers, such as for API calls.
Why?
Mapp has legal and contractual obligations to maintain state-of-the-art security of its services. TLS versions 1.0 and 1.1 have inherent weaknesses and are no longer used.
There have been documented attacks against TLS 1.0 using an older encryption method, and the older versions are more vulnerable than TLS 1.2. For more information, see Attacks against TLS/SSL.
Most requests for Mapp web services originate from TLS 1.2-compliant systems, with low traffic from TLS 1.1 systems. To ensure secure access to web services, Mapp will not wait for security patches for TLS 1.1 and no longer supports anything older than TLS 1.2.
Clients have already asked when Mapp will shut down support for TLS1.0/1.1 after their security audits.
For these reasons, support for TLS 1.0 and 1.1 is deprecated as of July 2019. From this point, only TLS 1.2 and future versions are supported.
When Does This Change Take Effect?
July 1, 2019.
Effective July 1, 2019, all client systems must be compliant with the new Transport Layer Security 1.2 protocol. Otherwise they risk a loss of access to some Mapp Cloud services.
How Does This Affect You?
You are affected if you are using older versions of the browsers, operating systems or application frameworks that are listed in the following tables.
Browser | Secure Version |
|---|---|
All | Mapp always recommends that clients use the latest browser versions as per the System Requirements page in the Mapp Cloud Online Help. See System Requirements. For a list of TLS1.2 compliant browsers, click here. |
Tab. : Operating Systems
Operating System | Secure Versions |
|---|---|
Windows Server | Windows Server 2012R2, or later. Windows Server 2008 requires TLS1.2 enablement.* |
Windows Desktop | Windows 8.1, or later. Win Vista requires TLS1.2 enablement.* |
Mac OS X | Mac OS X 10.8 or later |
Linux | Debian from Version 7 (Wheezy) or newer Ubunutu 14.04 (Trusty Tahr) or newer Centos / Red Hat Enterprise Linux 6 SuSE Enterprise Linux 12 or newer |
* TLS 1.1 & TLS 1.2 are disabled by default on released before Windows 8.1. Administrators must enable the settings manually via the registry. Refer to this article on how to enable this protocol via the registry: https://support.Microsoft.com/en-us/kb/187498 | |
Tab. : Application Frameworks
Framework | Secure Versions |
|---|---|
Framework | Secure Versions |
Java | Java 8, or later. Java 7, with TLS 1.2 enabled from the app |
.NET | .NET 4.6, or later .NET 4.5, with TLS 1.2 enabled from the app |
PHP | PHP 5.6 or later + OpenSSL 1.0.1 or later |
OpenSSL | OpenSSL 1.0.1, or later |
Additional Important Information
If you do not update your affected browser, operating system, or application framework, you can lose access to Mapp services.
Possible Problems
“https” links in messages that are sent from Mapp Cloud do not work when used in old browsers that do not support TLS protocols of TLS 1.2 or higher.
Outbound emails are in TLS 1.2, where possible. Only 0.8% of outgoing mail traffic is impacted here.Systems that send API calls and still use API interfaces before TLS 1.2 do not work.
For the operating systems, browsers, and application frameworks or interfaces that support TLS 1.2.Inbound messages or replies sent from clients who do not support TLS protocols of 1.2 or higher do not reach Mapp Cloud and are dropped.
Outbound emails are sent in TLS 1.2, where possible. Only 0.8% of outgoing mail traffic is impacted here.
For more information, contact your Account Manager.