What is Transport Layer Security (TLS)?
Transport Layer Security (TLS) represents a set of security protocols that were introduced over time to provide communication security over the network. In the beginning, Secure Sockets Layer (SSL) was introduced to provide security. Multiple versions of SSL (1.0, 2.0 and 3.0) were introduced over time and older versions were deprecated as vulnerabilities were found in them. After SSL 3.0, TLS 1.0 was introduced that had some incremental improvements over it. As new vulnerabilities are found, newer versions of TLS have also been released, including TLS 1.1, TLS 1.2 and TLS 1.3.
What protocols use TLS?
Many other protocols use TLS under the covers to make secure communication possible over the internet. For example, Hypertext Transfer Protocol Secure (HTTPS) which is an extension of the Hypertext Transfer Protocol (HTTP) uses TLS behind the scenes to enable secure communication between different systems over the internet. Similarly, FTP with TLS/SSL (FTPS), secure database connections, etc. all use TLS in the background to make secure communication possible.
What TLS versions does integrator.io support?
This varies depending on whether it's an incoming or outgoing connection.
- Incoming connections: For scenarios such as a client trying to connect to integrator.io from the browser or through the API, integrator.io supports TLS 1.1 and TLS 1.2. This means that if an attempt is made to connect using TLS 1.0, it will fail. The majority of communication uses TLS 1.2 over the internet. Though TLS 1.1 is comparatively less secure than to TLS 1.2, it's still allowed and is currently in use as well.
- Outgoing connections: When integrator.io is connecting to a client system while running a flow, integrator.io is capable of using all versions of TLS 1.0 to TLS 1.3. Even though TLS 1.0 has been deprecated, integrator.io allows this for outgoing connections to support customer systems who may still be using only TLS 1.0 version. It’s highly recommended that all client systems should migrate to at least TLS 1.1, as TLS 1.0 is not considered secure. Once the client migrates to a new version, integrator.io will automatically start using newer TLS versions without any manual intervention.
Why isn't TLS 1.0 considered secure?
TLS 1.0 was created almost 2 decades ago and is not only vulnerable to attacks but also supports weak cryptographic algorithms. As a result, it was suggested by the PCI Council that TLS 1.0 should be deprecated and systems should be migrated from TLS 1.0 to TLS 1.1 or higher before June 30, 2018.