Melissa is deprecating Transport Layer Security (TLS) 1.0 and 1.1 for our web service as they are no longer considered secure. Starting the week of January 25th, 2021, we will no longer support web service connections using TLS 1.0 or TLS 1.1 and will require TLS 1.2 or higher.
Why are you deprecating TLS 1.0 & 1.1?
TLS 1.0 and 1.1 are no longer considered to be secure. They do not support modern cryptographic algorithms and are proven to be vulnerable to exploits. Most major technology companies have either already deprecated TLS 1.0 and 1.1 or have committed to do so in 2020. These companies include Apple, Microsoft, Google, Mozilla, and Cisco. With this deprecation, clients will need to use TLS 1.2 which was introduced over a decade ago in 2008.
Security of our client data is a top priority here at Melissa. To that end, we undergo consistent security reviews and audits of our organization and services. In order to stay current with industry standards for privacy and security in our audits, we must close vulnerabilities like TLS 1.0 and 1.1.
What about TLS 1.3?
Adding support for TLS 1.3 is a top priority that we are working on as we speak. Rest assured, if your application supports TLS 1.3, it will also support TLS 1.2. When TLS 1.3 is available, your application will likely automatically migrate to the more secure protocol.
What about HTTP?
For some of these services, we have also made unencrypted HTTP version available in order to allow older technologies to access them. However, we will be requiring everyone use secure HTTPS in order to ensure security of your data.
Please contact Melissa Tech Support for any questions.
Last Updated 08/20/2020