Quickstart Guide

Melissa Web Service Advisory

Melissa is deprecating Transport Layer Security (TLS) 1.0 and 1.1 for our web service as they are no longer considered secure. Starting the week of January 25th, 2021, we will no longer support web service connections using TLS 1.0 or TLS 1.1 and will require TLS 1.2 or higher.

Why are you deprecating TLS 1.0 & 1.1?

TLS 1.0 and 1.1 are no longer considered to be secure. They do not support modern cryptographic algorithms and is proven to be vulnerable to exploits. Most major technology companies have either already deprecated TLS 1.0 and 1.1 or have committed to do so in 2020. These companies include Apple, Microsoft, Google, Mozilla, and Cisco. With this deprecation, clients will need to use TLS 1.2 which was introduced over a decade ago in 2008.

Security of our client data is a top priority here at Melissa. To that end, we undergo consistent security reviews and audits of our organization and services. In order to stay current with industry standards for privacy and security in our audits, we must close vulnerabilities like TLS 1.0 and 1.1.

What about TLS 1.3?

Adding support for TLS 1.3 is a top priority that we are working on as we speak. Rest assured, if your application supports TLS 1.3, it will also support TLS 1.2. When TLS 1.3 is available, your application will likely automatically migrate to the more secure protocol.

What about HTTP?

For some of these services, we have also made unencrypted HTTP version available in order to allow older technologies to access them. However, we will be requiring everyone use secure HTTPS in order to ensure security of your data.

Please contact Melissa Tech Support for any questions.

Last Updated 08/20/2020

JANUARY 25, 2021

We will be updating our services to disable TLS 1.0 and 1.1 the week of January 25th, 2021. Please make sure your application is compatible with TLS 1.2 before this date.

What will happen if I cannot connect using TLS 1.2 by the deadline?

If your application is unable to connect to our service using TLS 1.2 when we disable TLS 1.0 and 1.1, the connection will be rejected and you will not be able to connect to or use our web service.

Last Updated 08/20/2020

We have created a TLS 1.2 only version for all of the services that we host. To access this version, simply add the text "tlstest" to the first part of the domain preceding ".melissadata.net". For example:

Personator

Global Address

Note: These are two examples. The "TLSTest" version exists for all of our services.

Last Updated 08/17/2020

.NET

TLS 1.2 is supported in .NET framework 4.5 or higher. It can be enabled via registry or in code. For more information, please visit the Microsoft page: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

Java

TLS 1.2 is supported in JDK 7 (but not default) and default in JDK 8. For more information, please visit: https://blogs.oracle.com/java-platform-group/jdk-8-will-use-tls-12-as-default

Python

Python support has been a bit complicated as they had different versions of OpenSSL. Python has supported TLS 1.2 since version 3.2 and 2.7.9. Please see their official documentation here for more information: https://docs.python.org/3/library/ssl.html

Ruby

TLS 1.2 is supported in Ruby 2.0 and higher.

SSIS

Currently the Melissa components do not connect using TLS 1.2 out of the box. Please see this page for how to configure your machine as a work-around: http://wiki.melissa.com/index.php?title=FAQ%3ASSIS%3AEnforce_TLS_1.2

We are currently working on natively integrating TLS 1.2 with DQC Components for SSIS and future releases with support for TLS 1.2 will be announced on http://wiki.melissa.com/index.php?title=SSIS%3AData_Quality_Components

Last Updated 08/20/2020