essDOCS Support Notice: Discontinuance of Support for early TLS (TLS 1.0)
Security is a key concern at essDOCS. essDOCS will therefore be ending support for early TLS on the 30th June 2018 and requires all affected customers to implement connections to our systems via a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged).
What is early TLS?
Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems. It is used to authenticate one or both systems and to protect the confidentiality and integrity of information that passes between them. It was originally developed as Secure Sockets Layer (SSL) by Netscape in the early 1990s. Standardized by the Internet Engineering Task Force (IETF), TLS has undergone several revisions to improve security, block known attacks and add support for new cryptographic algorithms, with major revisions to SSL 3.0 in 1996, TLS 1.0 in 2000, TLS 1.1 in 2006, and TLS 1.2 in 2008.
What is the risk of using early TLS?
There are many serious vulnerabilities in early TLS that, left unaddressed, put organizations at risk of being breached. The widespread POODLE and BEAST exploits are just a couple of examples of how attackers have taken advantage of weaknesses in early TLS to compromise organizations.
Among other weaknesses, TLS 1.0 is vulnerable to man-in-the-middle attacks, risking the integrity and authentication of data sent between a website and a browser.
According to NIST, there are no fixes or patches that can adequately repair early TLS. Therefore, it is critically important that organizations upgrade to a secure alternative as soon as possible and disable any fall-back to early TLS.
What can you do?
- Migrate to a minimum of TLS 1.1, preferably TLS 1.2: While it is possible to implement countermeasures against some attacks on TLS, migrating your connections to our system to a later version of TLS (TLS 1.2 is strongly encouraged) is the only reliable method to protect against the current protocol vulnerabilities.
- Patch TLS software against implementation vulnerabilities: Implementation vulnerabilities, such as Heartbleed in OpenSSL, can pose serious risks. Keep your TLS software up-to-date to ensure it is patched against these vulnerabilities and has countermeasures for other attacks.
- Configure TLS securely: In addition to providing support for later versions of TLS, ensure the TLS implementation is configured securely. Ensure that secure TLS cipher suites and key sizes are supported and disable support for other cipher suites that are not necessary for interoperability. For example, disable support for weak “Export-Grade” cryptography, which was the source of the recent Logjam vulnerability.
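An added example (not essDOCS code): an offline Python check of which protocol versions a client offers once TLS 1.2 is set as its floor, done by building the ClientHello in memory and parsing it. The host name `uat.example.invalid` is a placeholder and the function names are illustrative assumptions.

```python
import ssl
import struct

NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def hardened_context(max_version=ssl.TLSVersion.MAXIMUM_SUPPORTED):
    """Client context that refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = max_version
    return ctx

def client_hello(ctx):
    """Return the ClientHello record this context would send (no network I/O)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # Placeholder host name (assumption); it is only used for SNI.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="uat.example.invalid")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for a ServerHello that never comes
    return outgoing.read()

def offered_versions(record):
    """List the protocol versions a ClientHello record offers."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    pos = 9                                    # record header (5) + handshake header (4)
    legacy = struct.unpack_from(">H", record, pos)[0]
    pos += 2 + 32                              # client_version + random
    pos += 1 + record[pos]                     # session_id
    pos += 2 + struct.unpack_from(">H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]                     # compression_methods
    end = len(record)
    pos += 2                                   # extensions length
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from(">HH", record, pos)
        pos += 4
        if ext_type == 43:                     # supported_versions (RFC 8446)
            count = record[pos] // 2
            versions = struct.unpack_from(">%dH" % count, record, pos + 1)
            return [NAMES.get(v, hex(v)) for v in versions]
        pos += ext_len
    # Extension absent: only the client's maximum version is visible on the wire.
    return [NAMES.get(legacy, hex(legacy))]

if __name__ == "__main__":
    print(offered_versions(client_hello(hardened_context())))
```

A result that lists only TLSv1.2 and TLSv1.3 shows the client will not offer early TLS, so a fall-back to TLS 1.0 cannot be negotiated from its side.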
How can you test?
Our UAT (Test) server is available 24/7 for your convenience. It is configured to accept TLS 1.1 and TLS 1.2 (our preferred encryption protocol).
Use the following URL to test your encryption protocol with essDOCS:
Please contact our Support Team (firstname.lastname@example.org) if this discontinuance does not fit with your company’s support lifecycle and will cause serious problems.
The essDOCS Support Team