TLS Versions
  • 08 Oct 2024

TLS Cipher Suites

We are introducing a Web Application Firewall (WAF) and additional protection against Denial-of-Service attacks. This protection will be provided through Cloudflare and we will be switching the inbound IP addresses used by OneSpan Sign to IP addresses of Cloudflare.

At the same time, we will be enhancing the TLS cipher suites supported by OneSpan Sign. Transport Layer Security (TLS) is a protocol that protects the confidentiality and integrity of data exchanged between OneSpan Sign and customers. This change will take place at the same time as changes made to our Environment URLs & IP Addresses. For more information on these changes, see Environment URLs & IP Addresses.

The following Cipher suites will be supported:

TLS 1.2 cipher suites

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256

TLS 1.3 cipher suites

  • TLS13-CHACHA20-POLY1305-SHA256

  • TLS13-AES-256-GCM-SHA384

  • TLS13-AES-128-GCM-SHA256

What do I need to do?

We recommend that you start working with your IT team immediately to upgrade your integration framework to the latest security library supporting the above-mentioned TLS versions and cipher suites. Once completed, please test your OneSpan Sign Sandbox environment to ensure that all TLS communications are working properly. This is an important step that ensures that your organization does not encounter service disruptions.
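A local preflight for the check recommended above, as an added example that is not OneSpan's code: it compares the cipher suites a Python/OpenSSL client would offer against the lists on this page, without opening a network connection. The mapping from the page's TLS13- names to OpenSSL's TLS_ names, the function names, and the constructed legacy client list are assumptions.

```python
import ssl

# TLS 1.2 suite names copied from the list on this page (OpenSSL naming).
PAGE_TLS12 = [
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA384",
    "AES128-GCM-SHA256", "AES128-SHA256",
    "AES256-GCM-SHA384", "AES256-SHA256",
]
# Assumption: the page's "TLS13-" names correspond to these OpenSSL names.
PAGE_TLS13 = {
    "TLS13-CHACHA20-POLY1305-SHA256": "TLS_CHACHA20_POLY1305_SHA256",
    "TLS13-AES-256-GCM-SHA384": "TLS_AES_256_GCM_SHA384",
    "TLS13-AES-128-GCM-SHA256": "TLS_AES_128_GCM_SHA256",
}

def shared_suites(client_names):
    """Intersect a client's offered suites with the page's lists."""
    offered = set(client_names)
    tls13 = [page for page, openssl in PAGE_TLS13.items() if openssl in offered]
    tls12 = [name for name in PAGE_TLS12 if name in offered]
    return {
        "tls13": tls13,
        "tls12": tls12,
        # ECDHE suites give forward secrecy; bare AES* names use static RSA key exchange.
        "tls12_forward_secret": [n for n in tls12 if n.startswith("ECDHE-")],
        # No overlap with the page's lists means no suite can be negotiated.
        "ok": bool(tls13 or tls12),
    }

def local_client_report():
    """Report what this interpreter's TLS stack would offer with a TLS 1.2 floor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # never fall back to 1.0/1.1
    report = shared_suites(c["name"] for c in ctx.get_ciphers())
    report["openssl"] = ssl.OPENSSL_VERSION
    report["has_tls13"] = ssl.HAS_TLSv1_3
    return report

# Constructed sample: suites an old client limited to TLS 1.0/1.1 might offer.
LEGACY_CLIENT = ["ECDHE-RSA-AES128-SHA", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA"]

if __name__ == "__main__":
    print("legacy client:", shared_suites(LEGACY_CLIENT))
    print("this runtime :", local_client_report())
```

An empty `tls12_forward_secret` list with a non-empty `tls12` list means the client can still connect, but only with static RSA key exchange.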

UNSUPPORTED TLS VERSIONS

Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. It is the most widely used security protocol for web browsers and other applications that require secure data exchange over a network. Through encryption and endpoint-identity verification, TLS ensures that a connection reaches the intended remote endpoint.

As explained in the next section, OneSpan Sign no longer supports the 1.0 and 1.1 versions of TLS.

TLS 1.2 is now the minimum appropriate transport protocol, and TLS 1.3 is strongly recommended.

TLS 1.0 & 1.1 No Longer Supported

Over time, many TLS 1.0 and TLS 1.1 vulnerabilities were uncovered and exploited by attackers. Therefore, TLS 1.0 and TLS 1.1 are no longer considered secure protocols.

Version 2.1 of the OneSpan Sign works only with TLS 1.2.

Security and trust are at the heart of OneSpan Sign's business. To align with industry best practices, we have therefore dropped support for TLS 1.0 and 1.1.

The following table shows when TLS 1.0 was disabled in various OneSpan Sign environments:

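|            | U.S. (10.x)   | U.S. (11.x)   | Canada        | Europe        | Australia     |
|------------|---------------|---------------|---------------|---------------|---------------|
| Sandbox    | 4 June 2018   | 4 June 2018   | 4 June 2018   | N/A           | N/A           |
| Production | 10 Sept. 2018 | 10 Sept. 2018 | 10 Sept. 2018 | 10 Sept. 2018 | 10 Sept. 2018 |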

TLS 1.1 was disabled in OneSpan Sign's environments on the following dates:

  • Sandbox: March 20 to May 11, 2020

  • Production: June 2 to June 16, 2020

Because OneSpan Sign has disabled TLS 1.0 and 1.1, customers who use those protocols can no longer access OneSpan Sign's e-signature services.

Accordingly, you should already have transitioned your environment to drop TLS 1.0 and 1.1, and enable support for TLS 1.2 or 1.3. You can achieve this by upgrading to the latest Java or .NET environment (and, if you are running an older Microsoft Windows version, by applying the necessary service packs).

For further information, please consult the following articles:

Browser Compatibility

To ensure that your internet browsers are compatible with the supported versions of TLS, please consult this page.

