TLS 1.0 and 1.1 Deprecation

 

At WhosOnLocation, we use Transport Layer Security (TLS) to secure communication between WhosOnLocation and client apps that communicate with us.

To strengthen the security of our customers data, WhosOnLocation will no longer support TLS 1.0 or TLS 1.1 from 1 September 2018. This aligns WhosOnLocation's security with a number of other online services such as Salesforce, Xero and in October, Microsoft Office 365.

If your WhosOnLocation users or Kiosks are already using a recent web browser version that supports TLS 1.2 then there’s nothing for you to do. But if they are using an older web browser such as Internet Explorer 9 or 10, you should check to make sure it can support TLS 1.2. TLS 1.2 has been available for a while now and we recommend you enable or upgrade to this latest version if possible.

Quick tip: use our SSL check page to identify if your browser supports TLS 1.2.
Visit https://login.whosonlocation.com/login/sslcheck from any web browser.

 

The reason for change


There are a number of reasons for this change, but the primary ones are:

  • Vulnerabilities in TLS 1.0 - there are no fixes or patches that are able to address the underlying vulnerabilities with one of these security mechanisms. These vulnerabilities were addressed in subsequent versions for TLS.
  • PCI-DSS compliance - while we do not process credit card payments or collect credit card payment information ourselves, we do try to align ourselves with the industry standard security recommendations which PCI-DSS compliance requires.


What do I need to do?

  • Check that all WhosOnLocation Kiosk web browsers supports TLS 1.2
  • Check that all users can access WhosOnLocation with a TLS 1.2 supported web browser
  • If you sync your Active Directory with WhosOnLocation via our AD Sync or Sync Portal scripts, ensure that you are running the latest script version which supports TLS 1.2. Support is noted by the line [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 before Invoke-RestMethod, this can be added manually if missing.
  • If you communicate with the WhosOnLocation API, ensure that the client software supports TLS 1.2

Wikipedia has a detailed article on what web browsers support TLS 1.2 https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers

Resources are also available from HowsMySSL for testing browser support as well as API communication testing.

Salesforce has a great article on how to check whether Internet Explorer supports the correct version of TLS and what you can do to enable it on supported systems.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request