As of 20th December 2021, the Transport Layer Security (TLS) 1.0 and 1.1 protocols are being deprecated for the Emarsys services.
This deprecation will mainly affect outdated applications (i.e. backend applications connecting to the Emarsys APIs).
What do you need to do?
Although these old versions (TLS 1.0 and TLS 1.1) are rarely used by clients, older versions of development tools still use them.
In order to prevent any communication issues, we strongly advise that you:
- Review and update any application that doesn’t support TLS 1.2 in order to continue to use the Emarsys APIs.
- Always use HTTPS to communicate with the Emarsys API.
- Ensure you connect to the API using secure cipher suites.
Supported ciphers
For your reference, the following ciphers are supported:
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
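One way to apply the advice above in a Python backend client, as an added example that is not Emarsys code: the context refuses anything below TLS 1.2 and limits its TLS 1.2 offer to the suites in this list. The function names and the placeholder host are assumptions; the OpenSSL-style names are the standard equivalents of the IANA names listed here.

```python
import socket
import ssl

# IANA names from the list above -> the names OpenSSL uses for the same suites.
# The three TLS 1.3 suites carry the same name in both schemes.
SUPPORTED = {
    "TLS_CHACHA20_POLY1305_SHA256": "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_256_GCM_SHA384": "TLS_AES_256_GCM_SHA384",
    "TLS_AES_128_GCM_SHA256": "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-ECDSA-CHACHA20-POLY1305",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-RSA-CHACHA20-POLY1305",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": "ECDHE-ECDSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": "ECDHE-ECDSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384": "AES256-GCM-SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256": "AES128-GCM-SHA256",
}
TLS12_OPENSSL = [v for k, v in SUPPORTED.items() if "_WITH_" in k]


def build_context():
    """Client context: certificate checks on, TLS 1.2 floor, listed suites only."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 and below; TLS 1.3 suites are managed
    # separately by OpenSSL and stay at the library default.
    ctx.set_ciphers(":".join(TLS12_OPENSSL))
    return ctx


def offered_outside_list(ctx):
    """Suites this client would offer that are not in the list above."""
    allowed = set(SUPPORTED.values())
    return sorted(c["name"] for c in ctx.get_ciphers() if c["name"] not in allowed)


def negotiated(host, port=443, timeout=5.0):
    """Handshake with host and return (protocol version, cipher name)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with build_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    ctx = build_context()
    print("minimum version:", ctx.minimum_version.name)
    print("offered but not listed:", offered_outside_list(ctx) or "none")
    # negotiated("api.example.invalid") needs network; the host is a placeholder.
```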
Older protocols are a security risk
Microsoft, Apple and Google announced long ago the end of support for TLS 1.0 and TLS 1.1.
All modern browsers and applications support TLS 1.2, and so do the vast majority of services, servers and applications.
Using TLS 1.0 and 1.1 is a security risk, and although these old protocols are still supported by some servers, they are used mainly by outdated non-browser software.
Clients that need to use these versions are vulnerable to TLS downgrade attacks (which force users onto weaker versions of TLS) for almost no practical benefit.
What does this mean for the average browser user?
This change will be invisible. Most websites already support TLS 1.2 and any modern browser (any browser version released in the last five years) supports TLS 1.2.