At Comapi, we are always committed to increasing the robustness of our security, which is why we will continuously reassess our support for software or protocols to ensure they are up to the standards or security we want to supply to you as a client, and in turn your end-customers. As protocols get older, they become less secure, which has now become the case for TLS 1.0 which is particularly vulnerable to man-in-the-middle attacks.
What is TLS?
TLS stands for Transport Layer Security. It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification.
In order to ensure continuity of service and maintain the integrity of our robust security, we will be ceasing support for TLS 1.0 and will require all users to switch to TLS 1.1 or later. As a company committed to the ongoing security of your data, and the data of your customers, our recommended protocol is TLS 1.2. We are beginning to phase out support for TLS 1.0 from the end of July and will cease support on the 15th October 09:00 GMT.
Why do I need to do this?
This is an essential and industry-wide security requirement. Modern browsers and operating systems already support TLS 1.1 and 1.2, but any older operating systems, especially those used to call our APIs or web-services, must be checked to ensure that they will continue to function after we make this crucial change.
What do I need to do?
If you’re a Comapi portal user, you just need to check that the web browser you are using is up-to-date. You can do that by viewing our support article here. If you’re an API developer, all the information you require on the switchover, including which systems this will be affecting, can also be found in the article.
You must ensure your systems are able to support at least TLS 1.1 (but preferably 1.2) as soon as possible to avoid any disruption. This is something your technical or dev team should be able to easily identify, but we will be on-hand to help with any support you require.
You can contact the Client Engagement team with any questions via web chat on our site, or by emailing [email protected]