TLS stands for “Transport Layer Security” and is a cryptographic mechanism used to facilitate secure connections and communications over the internet. Several incarnations of the TLS protocol have been developed over the years (1.0, 1.1, and 1.2), with 1.0 being the oldest and now approaching the ripe old age of 18!
TLS 1.0 is now considered a “legacy protocol” and “weak” by today’s cryptographic standards, as it is susceptible to several vulnerabilities. Modern web browsers automatically default to preferring TLS 1.2 or TLS 1.1 over legacy TLS 1.0 connections, however some older browsers do not support the more modern and secure TLS 1.1/1.2 protocols.
As part of our ongoing commitment to security, in early 2017 we intend to drop support for legacy TLS 1.0 connections to our client servers. The vast majority of users will be unaffected by this change, but if you’re using an older web browser/operating system, you may need to update.
The minimum browser requirements for MIDAS v4.14 (and later) have also been updated accordingly.
The following table of web browsers provides additional guidance as to any action you may need to take to ensure you can continue to access our site/your hosted MIDAS system in 2017:
|Microsoft Internet Explorer||11||OK (If you see the “Stronger security is required” error message, you may need to turn off the “Use TLS 1.0” setting via Internet Options → Advanced)|
|9-10||OK (When running Windows 7 or newer, however you’ll need to enable TLS 1.1 and TLS 1.2 in Internet Explorer by selecting the “Use TLS 1.1” and “Use TLS 1.2” boxes via Internet Options → Advanced)
Upgrade Required (Windows Vista, XP and earlier are incompatible and cannot be configured to support TLS 1.1 or TLS 1.2 – Please update your operating system)
|8 (or lower)||Please update to a more recent version of Internet Explorer|
|Microsoft Edge||All Versions||OK – No action required|
|Mozilla Firefox||27+||OK – No action required|
|23-26||OK (Use about:config to enable TLS 1.1 or TLS 1.2 by updating the security.tls.version.max config value to 2 for TLS 1.1 or 3 for TLS 1.2)|
|22 (or lower)||Please update to a more recent version of Firefox|
|Google Chrome (Desktop)||38+||OK – No action required|
|22-37||OK – No action required (Provided you’re running Windows XP SP3, Vista, or newer, OS X 10.6 (Snow Leopard) or newer)|
|21 (or lower)||Please update to a more recent version of Chrome|
|Google Chrome (Mobile)||Android 5.0+ (Lollipop)||OK – No action required|
|Android 4.4.x (KitKat)||Device Dependent (Some Android 4.4.x devices may not support TLS 1.1 or higher. Please refer to your device manufacturer if unsure)|
|Android 4.3 (Jelly Bean) (or lower)||Please update to a more recent version of Android|
|Apple Safari (Desktop)||7+||OK – No action required|
|6 (or lower)||Please update to a more recent version of Safari|
|Apple Safari (iOS)||iOS 5+||OK – No action required|
|iOS 4 (or lower)||Please update to a more recent version of iOS|
Important Information For Hosted API users:
If you’re a cloud-hosted MIDAS customer utilizing the optional MIDAS API, please ensure that your applications and the underlying programming language you develop in can support (and are correctly configured for) TLS 1.1/1.2 connections. For instance Java 6 (1.6) (and lower) and .NET 3.5 (and lower) languages don’t support TLS 1.1/1.2.
If your applications/programming languages do not support at least TLS 1.1, your MIDAS API calls will begin to fail in early 2017 once we disable TLS 1.0.
Please refer to the vendor of your programming language if you’re unsure whether it supports TLS 1.1/1.2, or for assistance enabling such support in your development environment.