On December 5, 2017, we will be disabling support for the TLS 1.0 and TLS 1.1 encryption protocols to align with industry best practices for security and data integrity. Read on to make sure you don’t lose access to TazWorks!
What is TLS?
TLS stands for Transport Layer Security and is a cryptographic protocol used to ensure the privacy and data integrity of communications on computer networks. TLS is widely adopted and is used by many secure websites, including TazWorks InstaScreen, to encrypt and authenticate communication between their servers and web browsers. There are currently three widely supported versions of TLS: TLS 1.0, TLS 1.1, and TLS 1.2.
The TazWorks servers currently support secure communications with client web browsers and third-party systems using any of TLS 1.0, TLS 1.1, or TLS 1.2, with a default preference for TLS 1.2.
What is the change?
Beginning on December 5, 2017, InstaScreen will support only TLS 1.2 for establishing secure communication channels. Attempts to establish secure connections using TLS 1.0 or TLS 1.1 will fail.
Why is this happening?
TazWorks takes the security of your data seriously. We focus on continually improving security by following industry best practices and guidance. Early versions of TLS are no longer considered sufficient for maximum peace-of-mind, so we are removing support for them in favor of the latest TLS 1.2 protocol.
How will CRAs and clients be impacted?
Current versions of modern web browsers (e.g. Chrome, Firefox, Microsoft Edge, Internet Explorer 11, Safari) support TLS 1.2 and have done so for several years. If you are using a current browser to connect to TazWorks, you should see no impact. You can make sure your browser is up to date by by visiting our test site at https://tls12.instascreen.net. If you see the page below when you go to that link, you will not be impacted at all by this change. You do NOT need to log in. As long as what appears on your screen matches the screenshot below, you will not be impacted by this change.
If you are unable to access our test site, you will need to work with your information technology team to update your browser to support TLS 1.2 before the cutoff date.
If you use one of the following operating system AND browsers (or anything more current than these), you should be fine:
- Windows 8.1, Windows 10
- Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
- CentOS 6 / RHEL 6
- Mac OS X 10.9
- iOS 5.x
- Android 5.x
- Internet Explorer 11
- Internet Explorer Edge
- Google Chrome v.30
- Mozilla Firefox v.27
- Apple Safari v.7
- Opera v.17
- Salesforce has also compiled extremely thorough documentation to help you or your users know exactly what needs to be updated, and where and how to do so.
- Unbranded guide on how to update Internet Explorer, so you can customize and share with your clients as needed (the most common issue for users not using TLS 1.2)
- Unbranded guide on how to update your Android phone browser (the second most common issue for users not using TLS 1.2)
How will partners be impacted?
Third-party systems (e.g. Applicant Tracking Systems, Property Management Systems, Data Providers, etc.) will need to ensure that the software libraries and run-time environment they use to communicate with TazWorks through our various programmatic interfaces support TLS 1.2.
These applications and frameworks currently meet TLS 1.2 standards:
- OpenSSL 1.01
- JDK 8
- .NET 4.6
- Apache 2.2.23
Partners can verify that their systems support TLS 1.2 by using their system to establish a secure connection with our test site configured at https://tls12.instascreen.net.
If you are able to correctly communicate with our system, you will get an error telling you that you aren’t able to log in because you don’t have the correct sign-in credentials. This error is good, since it shows that our system is getting signals from you and able to communicate in return.
However, if you receive an error at the network level that the connection itself has failed or been refused, this means your software is not currently compatible with TLS 1.2, and your system will not be able to communicate with TazWorks starting on December 5th. Please begin working immediately with your information technology team to update your libraries and environments to support TLS 1.2 before the cutoff date.