End of Support for TLS 1.0

Support for TLS version 1.0 on Metadefender Cloud is being deprecated on 16 Jul 2018.

As a result, systems that attempt to connect to the Metadefender Cloud server over TLS 1.0, including through other OPSWAT products such as MetaAccess or Metadefender Client, will be unable to do so.

To continue connecting to the Metadefender Cloud server, you will need to ensure that your OS and any applications integrating with Metadefender Cloud support TLS 1.1, TLS 1.2, or later.

Why is support for TLS 1.0 being deprecated?

The PCI Council has mandated that support for version 1.0 of the TLS cryptographic standard should be deprecated by July 16th, 2018 for companies to stay compliant with the PCI Data Security Standard (PCI DSS). There are several sites that describe this in more detail, such as https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls

What do I need to do?

If you use, or are responsible for, systems (computers and/or computer applications) that access Metadefender Cloud, you need to make sure these systems have TLS 1.1 and/or TLS 1.2 enabled as the default secure protocol. Most current operating systems and browsers support TLS 1.1 and TLS 1.2 as the default secure protocol. A significant exception is many of the older Windows operating systems still in use today, such as Windows 7, Windows Server 2008, and Windows Server 2012. For more information about enabling TLS 1.1 and TLS 1.2 on these systems, please see https://support.microsoft.com/en-gb/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

What is SSL/TLS?

Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems. It is used to authenticate one or both systems, and to protect the confidentiality and integrity of information that passes between them.

What are the SSL/TLS Vulnerabilities?

Because of their widespread use online, SSL and TLS have been targeted by security researchers and attackers. Many vulnerabilities in SSL and TLS have been uncovered over the past 20 years, such as:

  • Protocol Vulnerabilities: Cryptographic vulnerabilities in either the SSL/TLS protocol itself, or in how it uses cryptographic algorithms. E.g., POODLE, BEAST, CRIME.

  • Implementation Vulnerabilities: Vulnerabilities in TLS software. E.g., Heartbleed’s buffer over-read vulnerability in OpenSSL.

  • Configuration Vulnerabilities: E.g., weak cipher suites or key sizes, as in Logjam attacks using export-grade cryptography.

This article pertains to MetaDefender Cloud
This article was last updated on 2018-06-29