Deprecate TLS 1.0 and 1.1


Summary:

What is TLS?

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the internet.

When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message.

TLS is the successor to the Secure Sockets Layer (SSL). 

What is changing?

TLS ensures that connections made across the internet are secure and data can only be read by authorized users. The oldest versions of the TLS encryption protocol, TLS v1.0 and v.1.1, are being disabled in Basware Invoice Processing / Basware Travel and Expense Manager in favor of requiring TLS v1.2 or higher to be used henceforth.

Why is this happening?

Data security and integrity are top priorities for Basware. As part of our ongoing commitment to ensuring all Basware products are secure, TLS 1.0 and 1.1 are being disabled and TLS 1.2 or newer will be required when accessing remote resources.

TLS encrypts information between two points to provide privacy and security of data transmitted and has been in place for many years however several potential vulnerabilities have now been identified by security researchers that would allow attackers to intercept data from secure connections.

TLS 1.0 and 1.1 no longer meets the required criteria to be considered strong cryptography methods and should no longer be used as a security control. Basware has taken a similar decision to many other companies in disabling the use of TLS 1.0 and 1.1.

Instructions:

Please note that disabling TLS 1.0 and 1.1, while increasing security, will reduce compatibility with some, usually older, browsers, operating systems and ERP systems. Below is a list of the affected systems.

  1. Desktop and mobile IE version 11
    1. Compatible with TLS 1.2 by default on Windows 7 or newer
  2. Desktop IE versions 8, 9, and 10
    1. Compatible only when running Windows 7 or newer, but not by default. Please refer to the following Microsoft link on how to enable it for Windows 7.
    2. NOTE:  Windows Vista, XP and earlier are incompatible and cannot be configured to support TLS 1.2
  3. Desktop IE versions 7 and below
    1. Not compatible with TLS 1.2 encryption
  4. Mobile IE versions 10 and below
    1. Not compatible with TLS 1.2 encryption
  5. Microsoft Edge
    1. Compatible with TLS 1.2 by default
  6. Mozilla Firefox
    1. Compatible with the most recent version, regardless of operating system
    2. Firefox 27 and higher - Compatible with TLS 1.2 or higher by default
    3. Firefox 24 to 26 - Compatible, but not by default - Use about config to enable TLS 1.2
  7. Google Chrome
    1. Compatible with the most recent version, regardless of operating system.
    2. Google Chrome version 38 and higher - Compatible with TLS 1.2 or higher by default.
  8. Google Android OS Browser - Android 5.0 (Lollipop) and higher
    1. Compatible with TLS 1.2 or higher by default.
    2. Android 4.4 (KitKat) to 4.4.4 - May be compatible with TLS 1.2 or higher. Some devices with Android 4.4.x may not support TLS 1.2 or higher.
    3. Android 4.3 (Jellybean) and below - Not compatible with TLS 1.2 or higher encryption.
  9. Apple Safari
    1. Desktop Safari versions 7 and higher for OS X 10.9 (Mavericks) and higher - Compatible with TLS 1.2 or higher by default
    2. Desktop Safari versions 6 and below for OS X 10.8 (Mountain Lion) and below - Not compatible with TLS 1.2 or higher encryption.
    3. Mobile Safari versions 5 and higher for iOS 5 and higher - Compatible with TLS 1.2 or higher by default.
    4. Mobile Safari for iOS 4 and below - Not compatible with TLS 1.2 or higher encryption.