How to prepare for the mandatory use of TLS 1.2
By Yuchen Zhang /
1 Oct 2018
In support of our promise to provide best-in-class encryption to our customers, we will be moving to Transport Layer Security (TLS) 1.2 and discontinuing support for TLS versions 1.0 and 1.1. Starting March 29, 2019, we’ll be turning off support for all API requests to Sift Science from servers using those older versions of TLS.
Why we’re updating to TLS 1.2
We’re doing this to comply with industry best practices and to provide you with a more secure experience. The TLS protocol is used to encrypt your servers’ communications with Sift, so it’s important that your integration uses the latest version. TLS 1.2 is much more secure than its predecessors.
TLS 1.0 and 1.1 have existing vulnerabilities that allow unauthorized individuals to intercept, decrypt, and monitor traffic in between customers and Sift Science. By updating to TLS 1.2, we reduce the likelihood that data sent from customers is at risk of unauthorized use.
If you were sending data to us via TLS 1.0 or 1.1 as of August 2018, our Support team will reach out to the administrative contacts on your account and work with you to make sure the transition is seamless.
Questions? Check out the FAQs below, or get more information about TLS 1.2.
What’s wrong with TLS 1.0 and 1.1?
TLS is used to keep web traffic and communications secret. Versions 1.0 and 1.1 have known weaknesses, and continuing to support them would put user data at risk. To ensure everyone can use the web safely and securely, the much more secure TLS 1.2 protocol will be required for all payment data after the March cut-off date.
How do I check if my API clients support TLS 1.2?
Please consult your programming language and operating system documentation to determine whether there’s support for TLS 1.2. Below is a list of some common languages, versions, and libraries that will be affected:
Some versions of Mac OS ship with an older version of openSSL (0.9.8y, for example), which only supports TLS 1.0 and requires support for 3DES ciphers, which we will no longer support. If you’re using these command-line tools on a Mac, you can update to the latest version of openSSL with Homebrew, using brew install openssl (possibly followed by installing cURL with Homebrew, which will link against the more recent version of openSSL that was just installed).
Yuchen was a Product Marketing Manager with Sift. A promoter of machine learning, Yuchen has also worked in consulting, at Facebook, and at a number of data science and analytics startups.