- 08 Oct 2024
- 2 Minutes to read
- DarkLight
- PDF
TLS Versions
- Updated on 08 Oct 2024
- 2 Minutes to read
- DarkLight
- PDF
TLS Cipher SuitesUNSUPPORTED TLS VERSIONS
TLS Cipher Suites
We are introducing a Web Application Firewall (WAF) and additional protection against Denial-of-Service attacks. This protection will be provided through Cloudflare and we will be switching the inbound IP addresses used by OneSpan Sign to IP addresses of Cloudflare.
At the same, we will be enhancing the TLS cipher suites supported by OneSpan Sign. Transport Layer Security (TLS) is a protocol that protects the confidentiality and integrity of data exchanged between OneSpan Sign and customers. This change will take place at the same time as changes made to our Environment URLs & IP Addresses. For more information on these changes, see Environment URLs & IP Addresses.
The following Cipher suites will be supported:
TLS 1.2 cipher suites
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
AES128-GCM-SHA256
AES128-SHA256
AES256-GCM-SHA384
AES256-SHA256
TLS 1.3 cipher suites
TLS13-CHACHA20-POLY1305-SHA256
TLS13- AES-256-GCM-SHA384
TLS13- AES-128-GCM-SHA256
What do I need to do?
We recommend that you start working with your IT team immediately to upgrade your integration framework to the latest security library supporting the above-mentioned TLS versions and cipher suites. Once completed, please test your OneSpan Sign Sandbox environment to ensure that all TLS communications are working properly. This is an important step that ensures that your organization does not encounter service disruptions:
UNSUPPORTED TLS VERSIONS
The Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two applications that communicate. It is the most widely used security protocol for web browsers and other applications that require secure data exchange over a network. Through encryption and endpoint-identity verification, TLS ensures that a connection to a remote endpoint is indeed the intended endpoint.
As explained in the next section, OneSpan Sign no longer supports the 1.0 and 1.1 versions of TLS.
TLS 1.2 is now the minimum appropriate transport protocol, and TLS 1.3 is strongly recommended.
TLS 1.0 & 1.1 No Longer Supported
Over time, many TLS 1.0 and TLS 1.1 vulnerabilities were uncovered and exploited by attackers. Therefore, TLS 1.0 and TLS 1.1 are no longer considered secure protocols.
Version 2.1 of the OneSpan Sign works only with TLS 1.2.
Security and trust are at the heart of OneSpan Sign's business. To align with industry best practices, we have therefore dropped support for TLS 1.0 and 1.1.
The following table shows when TLS 1.0 was disabled in various OneSpan Sign environments:
U.S. (10.x) | U.S. (11.x) | Canada | Europe | Australia | |
---|---|---|---|---|---|
Sandbox | 4 June 2018 | 4 June 2018 | 4 June 2018 | N/A | N/A |
Production | 10 Sept. 2018 | 10 Sept. 2018 | 10 Sept. 2018 | 10 Sept. 2018 | 10 Sept. 2018 |
TLS 1.1 was disabled in OneSpan Sign's environments on the following dates:
Sandbox: March 20 to May 11, 2020
Production: June 2 to June 16, 2020
Because OneSpan Sign has disabled TLS 1.0 and 1.1, customers who use those protocols can no longer access OneSpan Sign's e-signature services.
Accordingly, you should already have transitioned your environment to drop TLS 1.0 and 1.1, and enable support for TLS 1.2 or 1.3. You can achieve this by upgrading to the latest Java or .NET environment (and, if you are running an older Microsoft Windows version, by applying the necessary service packs).
For further information, please consult the following articles:
Browser Compatibilty
To ensure that your internet browsers are compatible with the supported versions of TLS, please consult this page.