NOTE
The Kantata OX Salesforce integration and all integrations on M-Bridge are compatible with TLS 1.2. Users of these services do not need to perform the update detailed below.
As of January 31st, 2018, Kantata OX no longer supports the TLS 1.0 or TLS 1.1 protocol. You are now required to use TLS 1.2 in order to connect to Kantata OX clients.
This change brings greater security to our users and aligns Kantata with industry-best practices for security and data integrity. This also affects all API integrations, which include applications or interfaces (mobile or desktop) that are powered by Kantata data.
This article will help you configure your web browser or application to use TLS 1.2.
What is TLS?
HTTPS relies on a family of lower-level security protocol implementations called TLS (short for “Transport Layer Security”); these protocols provide privacy and data integrity between two applications that require data to be exchanged securely over a network. It’s the most widely deployed security protocol used today for web browsers and other applications.
Transport Layer Security standards are continuously being improved. Currently, TLS 1.2 is the latest encryption standard powering HTTPS; protocols older than TLS 1.1 (i.e. TLS 1.0 and its predecessor, SSL) are not secure and no longer considered PCI DSS compliant.
Determining Encryption for Web Browsers and Mobile Devices
To verify that your browser and operating system supports TLS 1.2, please visit the Qualys SSL Labs website where your protocol will quickly be auto-detected.
If TLS 1.2 is not listed in the Protocol Support section, you will need to update your web browser to the latest version.
Upgrading API Clients
Some older versions of Ruby, Python, .NET, and Java don’t have support for TLS 1.2 enabled by default, so you will need to configure them using the language-specific instructions below.
Java
If you’re using Java, you’ll need to add the following option to enable support:
-dhttps.protocols=TLSv1.1,TLSv1.2
.NET
If you’re using .NET, you’ll need to upgrade to the latest .NET framework where TLS 1.2 is the default cryptographic standard. If you’re unable to upgrade to the latest .NET framework, you can still use TLS 1.2, but it depends on the framework version.
.NET 4.6 (and above)
You don’t need to do any additional work to support TLS 1.2, it’s supported by default.
.NET 4-5
TLS 1.2 is supported, but not the default protocol. The following code allows you to opt-in and make TLS 1.2 the default:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
Be sure to execute it before making a connection to a secured resource.
.NET 4.0
Although TLS 1.2 is not natively supported, if you have .NET 4.5 (or higher) installed on the system, you still can opt-in for TLS 1.2 even if your application framework doesn’t support it. Unfortunately, SecurityProtocolType in .NET 4.0 doesn’t have an entry for TLS 1.2, so you’ll have to use a numerical representation of this enum value:
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
There is also a registry hack which forces 4.5 to use TLS 1.2 by default without enforcing it programmatically; simply change the default value of the following registry entry from 0 to 1 to get .NET 4.5 System.dll to use TLS 1.2.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319: SchUseStrongCrypto to DWORD 1
.NET 3.5 (or below)
Although TLS 1.2 is not natively supported, Microsoft has released a patch for .NET 3.5 that enables support for system-default SSL and TLS versions. After installing the patch specific to your version of Windows, you must modify your registry settings.
Please refer to the following Microsoft Knowledge Base articles for more information:
- Support for TLS System Default Versions included in the .NET Framework 3.5.1 on Windows 7 SP1 and Server 2008 R2 SP1
- Support for TLS System Default Versions included in the .NET Framework 3.5 on Windows Server 2012
- Support for TLS System Default Versions included in the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2
- Cumulative Update for Windows 10 Version 1511 and Windows Server 2016
Python
Python 2.7.9 (and above)
LS 1.2 is enabled by default when used with OpenSSL 1.0.1 or higher.
Ruby
TLS 1.2 is enabled by default when used with OpenSSL 1.0.1 or higher. Setting the ssl_version to :TLSv1_2 in an OpenSSL::SSL::SSLContext ensures that TLS 1.1 or earlier is disabled.
:TLSv1_2 symbol, but it's possible to patch Ruby to include the symbol and then compile with OpenSSL 1.0.1 or higher.QuickBooks Web Connector
To ensure that you can continue to use the QuickBooks Web Connector to integrate with Kantata OX, you'll need to upgrade to the latest version of the Web Connector that supports these newer and more secure protocols.
Please see the Intuit Blog for more information and upgrade instructions.
Comments
0 comments
Please sign in to leave a comment.