Starting on July 22, 2017, Inkling will require that all connections use Transport Layer Security (TLS) v1.1 or higher. This change is being made to ensure that we continue to meet the security requirements laid out in the SOC2 audit now that numerous vulnerabilities that have been announced with the TLS v1.0 protocol. After making this change, Inkling will be better in line with industry best practices around use of the TLS protocol.
We are providing advance notice to customers so that there is adequate time to ensure that TLS 1.0 clients are upgraded to their latest versions. We highly recommend that users upgrade to the latest versions of any major browsers or clients to stay up to date with security fixes. The following is a list of browser versions and clients that Inkling will support starting on July 22, 2017. Starting on this date, clients using the TLS 1.0 protocol will be unable to access Inkling. You can test for TLS 1.1 and 1.2 compatibility by using the following link in your web browser: https://www.ssllabs.com/ssltest/viewMyClient.html.
Client |
Compatibility |
Android KitKat (4.4) or higher |
Compatible |
Chrome 38 or higher |
Compatible |
Chrome 22 through 27 |
Compatible when using Windows XP SP3, Vista or newer; Mac OS X Snow Leopard (10.6) or newer; Android Gingerbread (2.3) or newer |
Firefox 27 or higher |
Compatible |
Firefox 23 through 26 |
Compatible after configuration change. Use about:config to change security.tls.version.max to 3 |
Internet Explorer 11 (Desktop and mobile) |
Compatible |
Microsoft Edge |
Compatible |
Safari 7 or higher on OS X Mavericks (10.9) or higher |
Compatible |
Mobile Safari 5 or higher on iOS 5 or higher |
Compatible |
Other clients (API clients) |
Any other clients including those interacting with Inkling’s APIs will need to upgrade their HTTP and/or SSL libraries to support TLS 1.1 or later |
Subversion (SVN) Clients |
Not impacted by this change |
Test Sites for Platform API and SAML 2.0 SSO Integrations
This topic describes how customers who call an Inkling Platform API or use SAML 2.0 SSO can test the integration and ensure it supports TLS v1.1 or 1.2.
Note: Before performing either test, work with your Inkling representative to ensure that your testing doesn’t affect your production data.
Inkling Platform API Test Site
Customers who call any of the Inkling Platform APIs listed below can test their integration for TLS v1.1 and 1.2 support using the test site: https://partner-tlsv12.inkling.com/
- Enterprise APIs: /files, /groups, /projects, /projecttemplates, and /tocs
- Fulfillment APIs: /contentbuilds, /storeentries, /purchases, and /products
This example shows how to call the test site with an access token:
GET https://partner-tlsv12.inkling.com/projects/?access_token={ACCESS_TOKEN}
If your chosen client doesn’t support TLS v1.1 or TLS v1.2, the client will fail to connect and the result will be a client-specific error, such as:
- Communication Error
- SSL/TLS Handshake Error
- Server aborted the SSL handshake
SAML 2.0 SSO Test Site
Customers who use SAML 2.0 SSO can test their integration by temporarily rerouting their SAML requests to our SAML ACS:
https://api-tlsv12.inkling.com/saml/v2/acs/<siteID>
If your chosen client doesn’t support TLS v1.1 or TLS v1.2, the client will fail to connect and the result will be a client-specific error, such as:
- Communication Error
- SSL/TLS Handshake Error
- Server aborted the SSL handshake
If you receive another response from the server or are directed to an error page, this means that the client does support TLS v1.1 or v1.2, but there are other issues with the SAML request.
Comments
0 comments
Please sign in to leave a comment.