On January 31st, 2018, Mavenlink will no longer support the TLS 1.0 or TLS 1.1 protocol. After this date, you'll be required to use TLS 1.2 in order to connect to Mavenlink clients.
This change will bring greater security to our users and aligns Mavenlink with industry-best practices for security and data integrity. This will also affect all API integrations, which include applications or interfaces (mobile or desktop) that are powered by Mavenlink data. To prevent any disruption to your services, we strongly recommend that you begin supporting TLS 1.2 as soon as possible.
This article will help you configure your web browser or application to use TLS 1.2.
What is TLS?
HTTPS relies on a family of lower-level security protocol implementations called TLS (short for “Transport Layer Security”); these protocols provide privacy and data integrity between two applications that require data to be exchanged securely over a network. It’s the most widely deployed security protocol used today for web browsers and other applications.
Transport Layer Security standards are continuously being improved. Currently, TLS 1.2 is the latest encryption standard powering HTTPS; protocols older than TLS 1.1 (i.e. TLS 1.0 and its predecessor, SSL) are not secure and no longer considered PCI SSC compliant.
How to Determine Your Encryption for Web Browsers and Mobile Devices
To verify that your browser and operating system supports TLS 1.2, please visit the Qualys SSL Labs website where your protocol will quickly be auto-detected.
If TLS 1.2 is not listed in the Protocol Support section, you will need to update your web browser to the latest version.
How to Upgrade API Clients
Some older versions of Ruby, Python, .NET, and Java don’t have support for TLS 1.2 enabled by default, so you will need to configure them using the language-specific instructions below.
If you’re using Java, you’ll need to add the following option to enable support:
If you’re using .NET, you’ll need to upgrade to the latest .NET framework where TLS 1.2 is the default cryptographic standard. If you’re unable to upgrade to the latest .NET framework, you can still use TLS 1.2, but it depends on the framework version.
.NET 4.6 (and above)—You don’t need to do any additional work to support TLS 1.2, it’s supported by default.
.NET 4.5—TLS 1.2 is supported, but not the default protocol. The following code allows you to opt-in and make TLS 1.2 the default:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
However, be sure to execute it before making a connection to a secured resource.
.NET 4.0—Although TLS 1.2 is not natively supported, if you have .NET 4.5 (or higher) installed on the system, you still can opt-in for TLS 1.2 even if your application framework doesn’t support it. Unfortunately,
SecurityProtocolType in .NET 4.0 doesn’t have an entry for TLS 1.2, so you’ll have to use a numerical representation of this enum value:
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
There is also a registry hack which forces 4.5 to use TLS 1.2 by default without enforcing it programmatically; simply change the default value of the following registry entry from
1 to get .NET 4.5 System.dll to use TLS 1.2.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319: SchUseStrongCrypto to DWORD 1
.NET 3.5 (or below)—Although TLS 1.2 is not natively supported, Microsoft has released a patch for .NET 3.5 that enables support for system-default SSL and TLS versions. After installing the patch specific to your version of Windows, you must modify your registry settings.
Because this is outside the scope of this documentation, please refer to the following Microsoft Knowledge Base articles for more information:
- Support for TLS System Default Versions included in the .NET Framework 3.5.1 on Windows 7 SP1 and Server 2008 R2 SP1
- Support for TLS System Default Versions included in the .NET Framework 3.5 on Windows Server 2012
- Support for TLS System Default Versions included in the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2
- Cumulative Update for Windows 10 Version 1511 and Windows Server 2016
Python 2.7.9 (and above)—TLS 1.2 is enabled by default when used with OpenSSL 1.0.1 or higher.
Note: Python 2.7.8 and below is not compatible with TLSv1.2; in order interact with Mavenlink or its API, you must upgrade to Python 2.7.9 or higher.
TLS 1.2 is enabled by default when used with OpenSSL 1.0.1 or higher. Setting the
:TLSv1_2 in an
OpenSSL::SSL::SSLContext ensures that TLS 1.1 or earlier is disabled.
Note: Ruby version 1.9.3 and below do not include the
:TLSv1_2 symbol, but it's possible to patch Ruby to include the symbol and then compile with OpenSSL 1.0.1 or higher.
QuickBooks Web Connector
To ensure that you can continue to use the QuickBooks Web Connector to integrate with Mavenlink, you'll need to upgrade to the latest version of the Web Connector that supports these newer and more secure protocols.
Please see the Intuit Blog for more information and upgrade instructions.
Who Can I Contact for Help?
There are several online resources that explain, in more specific detail, how to perform this upgrade in most browsers, languages, and frameworks. However, if you run into any issues, we're happy to help you find resources and/or troubleshoot; just use our 24/7 live chat to talk to someone in support or email our team at firstname.lastname@example.org.