What is the change?
Absorb LMS will be modifying a security policy on its public-facing web servers which will prevent the acceptance of TLS 1.1 connections. Only TLS 1.2 connections will be accepted as of December 16, 2017.
What is TLS?
Transport Layer Security (TLS) is a protocol which provides data and privacy integrity between two communicating applications. It is the primary deployed security protocol used, for web browsers and other applications that require data to be securely communicated over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The TLS versions to date are: TLS 1.0, 1.1, and 1.2.
Absorb LMS utilizes TLS for all web application connections internally and externally.
How will clients be impacted?
Clients making web connections using a version of SSL/TLS older than 1.2 will no longer be able to use the Absorb LMS service.
How can clients avoid a service disruption?
Clients must ensure they are using a browser that supports TLS 1.2 as of December 16, 2017. A list of most web browsers and the minimum version required for TLS 1.2 support can be found at in this TLS Web Browsers article. As per our Browsers Supported by Absorb article, Absorb LMS only supports the latest version of popular browsers. Clients are strongly encouraged to update as soon as possible.
Clients utilizing the Absorb API must ensure that TLS 1.2 support is enabled within their platform/application. If your integrations do not have TLS 1.2 enabled by December 16, 2017, your integrations may experience disruption.
Clients who wish to test their platform/application can do so by using the following call:
GET https://www.howsmyssl.com/a/check HTTP/1.1
The response will contain a "tls_version" field that displays the highest enabled version of TLS. If the response says "TLS 1.2" or "TLS 1.3", your platform/application is supported.
Why are we doing this?
The security and integrity of our clients data is paramount. To that end, we are committed to utilizing the latest industry standards for secure web communication.