We have finished updating the Cloud Elements platform to the TLSv1.2 security protocol. We now require all connections to our application and web servers, including api.cloud-elements.com and console.cloud-elements.com, to use TLS version 1.2.
What does it mean for me?
While almost all modern browsers and software are capable of TLSv1.2, older software and browsers are not, especially those older than 4 years. This update will only affect those customers who have their own application (mostly Java or .NET applications) to consume our APIs. Any customers that are purely utilizing formulas will not be affected by this change. To help troubleshoot, here is a table of browsers and levels of TLS support. Very few of Cloud Elements' active customers are affected, and all have been contacted.
Why the update?
Early TLS and SSL protocols have known vulnerabilities, such as POODLE, FREAK and RC4. Due to those vulnerabilities, the PCI Data Security Standard set a deadline of June 30th, 2018 to disable v1.0 in favor of v1.1 and strongly encourages the adoption of v1.2. The 1.2 standard (drafted in 2008) has the major advantage of being able to leverage SHA-256 as an option in the cipher suite during a handshake.
What is TLS anyway?
Transport Layer Security (TLS) is a modern cryptographic protocol that is used to secure communications between two systems, most often between a server and a web browser. TLS is made up of two different layers. The first is the record, which contains the content type and version (1.0, 1.1, 1.2). The second layer is the handshake, which is the real conversationalist of the web.
Browser: “ClientHello, can I ask what’s your highest version of TLS? Here’s my number just in case.”
Server: “ServerHello, v1.2 and nice to meet you too. Thanks for your number, I’ll compress it real quick.”
Browser: “Um, thanks!”
Server: “Here is a Certificate and a ServerKeyExchange so we can talk in secret...ServerHelloDone”
Browser: “Awesome, all my friends talk in secret languages, here’s my ClientKeyExchange”
Browser: “Oh before I forget, here is my ChangeCipherSpec. From here on out everything we say will be encrypted, just like best friends in the 3rd grade. I guess we are Finished?”
Server: “Oh cool! Here’s my ChangeCipherSpec too, we are now Finished with our secret handshake.”
Browser: “[ENCRYPTED]...psst, can I get those cat photos now?”
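An added example, not code from Cloud Elements: the Python below reads the record header (content type, version) and the handshake messages named in the conversation above, then reports which version the server selected. The byte strings are constructed samples and all function and constant names are assumptions of this example; it covers only the unencrypted part of a TLS 1.2-or-earlier handshake.

```python
import struct

# Record content types and handshake message types, per RFC 5246 (TLS 1.2).
CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 12: "ServerKeyExchange",
             14: "ServerHelloDone", 16: "ClientKeyExchange", 20: "Finished"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def parse_records(stream: bytes):
    """Walk the plaintext part of a handshake: [(content type, record version, messages)]."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5: pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        msgs, off = [], 0
        while ctype == 22 and off + 4 <= len(body):  # one record may hold several messages
            mlen = int.from_bytes(body[off + 1: off + 4], "big")
            msgs.append((HANDSHAKE.get(body[off], "unknown"), body[off + 4: off + 4 + mlen]))
            off += 4 + mlen
        out.append((CONTENT.get(ctype, "unknown"), VERSIONS.get((major, minor), "unknown"), msgs))
        pos += 5 + length
    return out


def negotiated_version(stream: bytes):
    """The version the server selected: the first two bytes of the ServerHello body."""
    for _ctype, _record_version, msgs in parse_records(stream):
        for name, body in msgs:
            if name == "ServerHello" and len(body) >= 2:
                return VERSIONS.get((body[0], body[1]), "unknown")
    return None


def _rec(ctype, ver, body):  # helper that builds the constructed samples below
    return bytes([ctype, *ver]) + struct.pack("!H", len(body)) + body


def _hs(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


# Constructed sample bytes (not captured traffic). The ClientHello record says 1.0 but offers 1.2.
HELLO = _rec(22, (3, 1), _hs(1, bytes([3, 3]) + bytes(32) + b"\x00\x00\x02\xc0\x2f\x01\x00"))
MODERN = HELLO + _rec(22, (3, 3), _hs(2, bytes([3, 3]) + bytes(32) + b"\x00\xc0\x2f\x00") + _hs(14, b""))
LEGACY = HELLO + _rec(22, (3, 1), _hs(2, bytes([3, 1]) + bytes(32) + b"\x00\x00\x2f\x00") + _hs(14, b""))
```

negotiated_version(MODERN) returns "TLSv1.2" and negotiated_version(LEGACY) returns "TLSv1.0"; when troubleshooting a client, the ServerHello body is the field to check, since the version in the ClientHello record header can read lower than what the client actually offers.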
What if I still have questions?
We are always here. Reach out to your Customer Success Manager or drop us a line at firstname.lastname@example.org.