Act-On Software Security Update (TLS)
In keeping with industry and security best practices, we will be ending our support for TLS 1.0 and 1.1 on December 2nd, 2019. After this date systems that do not support TLS 1.2 will be unable to communicate with Act-On provided services.
What does TLS mean?
TLS is an acronym for “Transport Security Layer” which is used to describe the handshake and secure communication between two applications. The most common usage of TLS for most people is in communication between a web server and a web browser. If you want to read more about TLS you can start with the basics here: LINK
Why are we doing this?
Act-On takes the security of our customers' data seriously. Most requests (99%) from both our customers, and our customer's customers already use TLS 1.2 compliant software when trying to access a CI, content, our our API.
Unfortunately TLS 1.0 (1999) & TLS 1.1 (2006) are no longer a reliable means of securing communication from security threats which can put our customer's data at risk. Additionally Apple, Google, and Microsoft have announced their plan to fully remove TLS 1.0 & 1.1 in the first half of 2020.
What will a customer see?
With the change in December we will no longer allow traffic to our services that try to communicate with a version of TLS older than 1.2.
How it could impact Act-On customers?
- If they use the Act-On API it could affect their ability to use the Act-On API. This would only happen if they are using outdated and insecure libraries for REST communication.
- It could impact their ability to administer the Act-On software if they try to connect with an out of support web browser.
How it could impact their customers?
- People trying to reach content served by Act-On using a web browser that has not been updated in many years may see an error message in browser saying they could not connect to the service.
Please sign in to leave a comment.