TLS version 1.2 is now required for API and Tool

To keep your communication with CheckMarket secure, we are dropping support for TLS 1.0 and 1.1 for the API and Tool as of today, July 1 2018, in response to security concerns around these protocols.

Why are you making this change now?

CheckMarket is committed to security. The PCI Security Standards Council has declared that TLS 1.0 and TLS 1.1 will reach its end-of-life on June 30th 2018 in response to security concerns around these protocols.

We’re sticklers for backwards-compatibility and make potentially breaking changes only when absolutely necessary. Our users’ security is paramount, so deprecating these outdated technologies is one of those rare cases.

TLS 1.0 and 1.1 ensure that your communications stay private. In order to do this, they generate a series of random bytes used to encrypt your connection. TLS 1.0 provides two ways of doing this (CBC and RC4), but several vulnerabilities have been discovered in both of them (including BEAST and the RC4 biases). If you kept using old versions of TLS, someone could theoretically sniff your connection. With this change, we are following best practices in the industry: PCI council has announced June 30, 2018 as End of Life date for TLS 1.0

As a result, we are moving towards TLS 1.2, which has few known attacks and is subject to more rigorous security design than its predecessors.

Why am I getting strange connection errors?

If you are suddenly getting strange connection errors, it is probably related to TLS. Make sure you are using TLS 1.2 to connect. You may need to update your browser or connection component to a newer version that supports TLS 1.2.

How can I check if I am using TLS 1.2?

For API users, we have setup an special endpoint address for testing a TLS connection and prepared some detailed instructions to verify if you are using TLS 1.2.

What about surveys?

This will not affect for the survey interface for now. We will allow TLS 1.1 for the time being in the survey interface only. Rest assured that if your respondents are using a modern browser, they will enjoy TLS 1.2 with the highest cypher available. Browsers always try to connect using the most secure cypher and work their way down.

Questions?

If you have any questions or feedback, please do not hesitate to let us know at [email protected].

“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees. …” — Kahlil Gibran

Leave a Reply

Your email address will not be published.