GreenRope Blog

Title search:

Important Changes for our API Users! 

When someone connects to GreenRope's API, they transmit passwords and other data, and we transmit contact and other data back to them. It's important that this traffic back and forth be encrypted, so we require SSL for all API connections. Unfortunately, as technology improves, it becomes easier and easier to break encryption, so new methodologies have to be created every time, and old ones have to be deprecated, and the world has to stop using them, because they becomes susceptible to attacks.

Up until very recently we supported TLS 1.0, 1.1, and 1.2. But recently the PCI Security Standards Council has determined that TLS 1.0 is no longer secure, and it should no longer be used. Most browsers will prefer 1.2,  and in some cases 1.1, and avoid 1.0 as much as possible, and PCI themselves have indicated that it should no longer be used after June 30th, 2016.

PCI and other security companies run PCI compliance scans, and one of those, run on behalf of a customer that uses forms for financial and other sensitive information, flagged us for failure because we still supported 1.0. In order for that customer's PCI compliance to come up clean, we had to turn TLS 1.0 off.

Any of our partners and customers that use our API can no longer use TLS 1.0 to connect to us. They should upgrade their tools as quickly as possible. TLS 1.1 and TLS 1.2 support exists for almost all of the languages and systems that can be used to connect with us, so it's just a matter of finding the right parameters, or upgrading the right libraries, to make this change.

Please Contact Us for more information! 

Share: https://www.greenrope.com/blog/Blog377/Important-Changes-for-our-API-Users

Modern Postcard