TLS Deprecation for Legacy/Remaining Web Services Advisory

TLS Deprecation for Legacy/Remaining Web Services Advisory

Back in 2021, Melissa underwent the initiative to deprecate TLSv.1.0 and TLSv1.1 from our active and current web services. This was a necessary step to maintain a necessary and compliant security posture and to keep in line with industry standards and expectations.

We did not apply this deprecation to our Legacy or ancillary web services at the time because we knew that many of our users were on older technology and frameworks that may or may not be compliant with TLSv1.2 or TLSv1.3. However, as almost all platforms (ie: Google, Microsoft, Cisco, Apple, and Mozilla to name a few) have fully deprecated TLSv1.0 and TLSv1.1, the technology world has at the same time become more dangerous and attacks more prevalent.

What we are going to do:

We intend to remove support for TLSv1.0 and TLSv1.1 for all of our web services in 2024.

Would my application be affected?

It is difficult to know for sure from our end. The version of TLS supported typically depends on the programing language you are using and the version of that language you are using. TLS 1.2 was introduced in 2008, so if you are using a version of a programming language that has been updated since 2010, you should be ok. Having said that, not all programming languages were quick to adopt the standard.

Which programming language was most affected?

The main culprit we encountered in our deprecation in 2021 was JAVA. If you are using Java 1.6 or earlier (or using an application like WebSphere/Oracle that was built on a very old version of Java), the chances of you being affected are much higher.

Which Melissa Web Services are affected?

If you are using our non-legacy services, you are already on the secure version of TLS. The legacy services that will be affected are have the following domains. Additionally, if you add “tlstest” to the domain as listed below, we are making available a test version of the service with TLS 1.0/1.1 removed.

Live Domain	Test Domain
https://xml.melissadata.com	https://xmltlstest.melissadata.com
https://ws.melissadata.com	https://wstlstest.melissadata.com
https://addresscheck.melissadata.net	https://addresschecktlstest.melissadata.net
https://email.melissadata.net	https://emailtlstest.melissadata.net
https://geocoder.melissadata.net	https://geocodertlstest.melissadata.net
https://name.melissadata.net	https://nametlstest.melissadata.net
https://phonecheck.melissadata.net	https://phonechecktlstest.melissadata.net
https://streetsearch.melissadata.net	https://streetsearchtlstest.melissadata.net
https://rbdi.melissadata.net	https://rbditlstest.melissadata.net
https://zipsearch.melissadata.net	https://zipsearchtlstest.melissadata.net
https://list.melissadata.net	https://listtlstest.melissadata.net
https://token.melissadata.net	https://tokentlstest.melissadata.net
https://creditservice.melissadata.net	https://creditservicetlstest.melissadata.net
https://tokenservice.melissadata.net	https://tokenservicetlstest.melissadata.net
https://mdusagelogger.melissadata.net	https://mdusageloggertlstest.melissadata.net

What should I do if I think I am affected?

Please use the Test Domains above to see if your application supports TLS 1.2+. Please note that these domains are for testing only, they are not designed to take production level traffic or guaranteed to be always online.

When will the switch over happen?

Our intention is to make the switch as soon as possible. However, we understand that some clients may run into issues. We will work with users to help transition to the secure TLS 1.2+ version of our service. Once we have resolved any reported issues, we will go ahead and make the switch. This means that all users should test and confirm if their application supports TLS 1.2+ right away.

Additional Questions?

Please contact Melissa at tech@melissa.com.