Security Update: Deprecating TLS 1.0 and 1.1
At Nulab, your security is our priority. As part of our commitment to protecting your data, we are retiring older encryption protocols that fall short of the latest criteria for strong cryptography set forth by the PCI Security Standards Council. We will begin deprecating TLS 1.0 and 1.1 on June 8th, completing this work for all servers by June 29th, 2018.
What it TLS?
SSL/TLS encrypts information to ensure that the data transmitted between two endpoints is private and reliable. It is often referred to simply as “SSL”. It is used by your browsers to securely connect to our apps and websites and also used by servers to connect to our API.
Why we must upgrade
The PCI SSC set a deadline for transitioning from TLS 1.0 and 1.1 to version 1.2 or above to June 30, 2018. These older versions have serious vulnerabilities that put organizations at risk of being breached. For example, a hacker could perform a man-in-the-middle attack and passively observe the contents of messages or spoof their own messages.
Affected services
We will be implementing this change universally across all of our technology, including:
What we need from you
All we need from you is to make sure you’re using one of our supported browsers when accessing our apps or websites.
Here is a list of the browsers we support:
- Internet Explorer 11
- The latest version of Microsoft Edge
- The latest version of Apple Safari
- The latest version of Mozilla Firefox
- The latest version of Google Chrome
If you’re an Android user accessing Backlog or Typetalk from the Android app, you’ll also need to be on a supported device. We will stop supporting devices running on versions lower than Android 4.4 (i.e. 4.0 – 4.3) as these devices do not support TLS 1.2.
Want to learn more?
We highly recommend reading the migration document from the PCI Security Standards Council.
If you have any questions, please don’t hesitate to contact us.