Back to Mavenlink.com Blog Tour Status

Transport Layer Security - TLS

On January 31st, 2018, Mavenlink will no longer support the TLS 1.0 or TLS 1.1 protocol. After this date,  you'll be required to use TLS 1.2 in order to connect to Mavenlink clients.

This change will bring greater security to our users and aligns Mavenlink with industry-best practices for security and data integrity. This will also affect all API integrations, which include applications or interfaces (mobile or desktop) that are powered by Mavenlink data. To prevent any disruption to your services, we strongly recommend that you begin supporting TLS 1.2 as soon as possible.

This article will help you configure your web browser or application to use TLS 1.2.

What is TLS?

HTTPS relies on a family of lower-level security protocol implementations called TLS (short for “Transport Layer Security”); these protocols provide privacy and data integrity between two applications that require data to be exchanged securely over a network. It’s the most widely deployed security protocol used today for web browsers and other applications.

Transport Layer Security standards are continuously being improved. Currently, TLS 1.2 is the latest encryption standard powering HTTPS; protocols older than TLS 1.1 (i.e. TLS 1.0 and its predecessor, SSL) are not secure and no longer considered PCI SSC compliant.

How to Determine Your Encryption for Web Browsers and Mobile Devices

To verify that your browser and operating system supports TLS 1.2, please visit the Qualys SSL Labs website where your protocol will quickly be auto-detected.

TLS-Qualys.png

If TLS 1.2 is not listed in the Protocol Support section, you will need to update your web browser to the latest version.

How to Upgrade API Clients

Some older versions of Ruby, Python, .NET, and Java don’t have support for TLS 1.2 enabled by default, so you will need to configure them using the language-specific instructions below. 

Java

If you’re using Java, you’ll need to add the following option to enable support:

-dhttps.protocols=TLSv1.1,TLSv1.2

.NET

If you’re using .NET, you’ll need to upgrade to the latest .NET framework where TLS 1.2 is the default cryptographic standard. If you’re unable to upgrade to the latest .NET framework, you can still use TLS 1.2, but it depends on the framework version.

.NET 4.6 (and above)—You don’t need to do any additional work to support TLS 1.2, it’s supported by default.

.NET 4.5—TLS 1.2 is supported, but not the default protocol. The following code allows you to opt-in and make TLS 1.2 the default:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

However, be sure to execute it before making a connection to a secured resource.

.NET 4.0—Although TLS 1.2 is not natively supported, if you have .NET 4.5 (or higher) installed on the system, you still can opt-in for TLS 1.2 even if your application framework doesn’t support it. Unfortunately, SecurityProtocolType in .NET 4.0 doesn’t have an entry for TLS 1.2, so you’ll have to use a numerical representation of this enum value:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

There is also a registry hack which forces 4.5 to use TLS 1.2 by default without enforcing it programmatically; simply change the default value of the following registry entry from 0 to 1 to get .NET 4.5 System.dll to use TLS 1.2.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319: SchUseStrongCrypto to DWORD 1

.NET 3.5 (or below)—Although TLS 1.2 is not natively supported, Microsoft has released a patch for .NET 3.5 that enables support for system-default SSL and TLS versions. After installing the patch specific to your version of Windows, you must modify your registry settings.

Because this is outside the scope of this documentation, please refer to the following Microsoft Knowledge Base articles for more information:


Python

Python 2.7.9 (and above)—TLS 1.2 is enabled by default when used with OpenSSL 1.0.1 or higher. 

Note: Python 2.7.8 and below is not compatible with TLSv1.2; in order interact with Mavenlink or its API, you must upgrade to Python 2.7.9 or higher.

Ruby

TLS 1.2 is enabled by default when used with OpenSSL 1.0.1 or higher. Setting the ssl_version to :TLSv1_2 in an OpenSSL::SSL::SSLContext ensures that TLS 1.1 or earlier is disabled.

Note: Ruby version 1.9.3 and below do not include the :TLSv1_2 symbol, but it's possible to patch Ruby to include the symbol and then compile with OpenSSL 1.0.1 or higher.

QuickBooks Web Connector

To ensure that you can continue to use the QuickBooks Web Connector to integrate with Mavenlink, you'll need to upgrade to the latest version of the Web Connector that supports these newer and more secure protocols.

Please see the Intuit Blog for more information and upgrade instructions.

Who Can I Contact for Help?

There are several online resources that explain, in more specific detail, how to perform this upgrade in most browsers, languages, and frameworks. However, if you run into any issues, we're happy to help you find resources and/or troubleshoot; just use our 24/7 live chat to talk to someone in support or email our team at support@mavenlink.com.

Created on

Can't find what you're looking for?

Live Chat Submit a Ticket