Important Security Enhancement Notification

 

 

FAQ

What is TLS?

Which Browsers are Capable of Supporting TLS 1.2?

Which System-to-System Integrations are Capable of Supporting TLS 1.2?

What Should I Expect if My System is Unable to Support These Changes?

What is TLS?

TLS stands for "Transport Layer Security." It is a protocol that provides privacy and data integrity between two communicating applications. It is the most widely deployed security protocol in use today, and is used by web browsers and other applications that need to exchange data securely over a network. TLS uses encryption and endpoint identity verification to ensure that a connection to a remote endpoint reaches the intended endpoint. The versions of TLS, to date, are TLS 1.0, 1.1 and 1.2. TLS is the successor to SSL, the "Secure Sockets Layer" protocol.

Which Browsers are Capable of Supporting TLS 1.2?

Please see the table below for TLS 1.2 compatibility by browser.

| Browser | TLS 1.2 Compatibility Notes |
| --- | --- |
| Microsoft Edge | Compatible by default |
| Desktop and mobile versions | Compatible by default |
| Microsoft Internet Explorer (IE) | Review the Internet Explorer Support for TLSv1.2 article for detailed information and instructions. |
| Desktop and mobile IE version 11 | Compatible by default |
| Desktop IE versions 9 and 10 | Capable when run in Windows 7 or newer, but not by default. Review the Internet Explorer Support for TLSv1.2 article to enable TLS 1.2 encryption. Windows Vista and older operating systems, such as Windows XP, are not compatible with TLS 1.2 encryption. |
| Desktop IE versions 8 and below | Not compatible or stable with TLS 1.2 encryption. |
| Mozilla Firefox | Compatible with the most recent, stable version, regardless of operating system |
| Firefox 27 and higher | Compatible by default |
| Firefox 23 to 26 | Capable, but not by default. |
| Firefox 22 and below | Not compatible with TLS 1.2 or higher encryption. |
| Google Chrome | Compatible with the most recent, stable version, regardless of operating system |
| Google Chrome 38 and higher | Compatible by default |
| Google Chrome 22 to 37 | Capable when run in Windows XP SP3, Vista, or newer (desktop), OS X 10.6 (Snow Leopard) or newer (desktop), or Android 2.3 (Gingerbread) or newer (mobile) |
| Google Chrome 21 and below | Not compatible with TLS 1.2 encryption. |
| Google Android OS Browser | |
| Android 6.0 (Marshmallow) and higher | Compatible by default |
| Android 5.0 (Lollipop) and higher | Compatible by default |
| Android 4.4 (KitKat) to 4.4.4 | Capable, but not by default. |
| Android 4.3 (Jelly Bean) and below | Not compatible with TLS 1.2 encryption. |
| Apple Safari | |
| Desktop Safari versions 7 and higher for OS X 10.9 (Mavericks) and higher | Compatible by default |
| Desktop Safari versions 6 and below for OS X 10.8 (Mountain Lion) and below | Not compatible with TLS 1.2 encryption. |
| Mobile Safari versions 5 and higher for iOS 5 and higher | Compatible by default |
| Mobile Safari for iOS 4 and below | Not compatible with TLS 1.2 encryption. |

 

 

 

 

 

Which Application Platforms are Capable of Supporting TLS 1.2?

Please see the table below for TLS 1.2 compatibility by platform or library.

Platform or Library

Compatibility Notes

Java (Oracle)

Compatible with the most recent version, regardless of operating system

Java 8 (1.8) update u32 and higher

Compatible with TLS 1.1 or higher by default.

Java 7 (1.7) update u26 and higher

Enable TLS 1.1 and TLS 1.2 using the https.protocols Java system property for HttpsURLConnection. To enable TLS 1.1 and TLS 1.2 on non-HttpsURLConnection connections, set the enabled protocols on the created SSLSocket and SSLEngine instances within the application source code. Switching to IBM Java may be an effective workaround if upgrading to a newer Oracle Java version isn't feasible.

Java 6 (1.6) update u121 and higher

 

Enable TLS 1.1 using the https.protocols Java system property for HttpsURLConnection. To enable TLS 1.1 on non-HttpsURLConnection connections, set the enabled protocols on the created SSLSocket and SSLEngine instances within the application source code. This Java 6 update and newer updates are not publicly available and require a support contract for Java 6 from Oracle.

Java 6 (1.6) and below (publicly available version)

Not compatible with TLS 1.1 or higher encryption. Switching to IBM Java may be an effective workaround if upgrading to a newer Oracle Java version isn't feasible.

Java (IBM)

 

Java 8

Compatible with TLS 1.1 or higher by default. You may need to set com.ibm.jsse2.overrideDefaultTLS=true if your application, or a library called by it, uses SSLContext.getInstance("TLS").

Java 7 and higher, Java 6.0.1 service refresh 1 (J9 VM2.6) and higher, Java 6 service refresh 10 and higher

Enable TLS 1.2 using the https.protocols Java system property for HttpsURLConnection and the com.ibm.jsse2.overrideDefaultProtocol Java system property for SSLSocket and SSLEngine connections, as recommended by IBM's documentation. You may also need to set com.ibm.jsse2.overrideDefaultTLS=true.

OpenSSL

Compatible with the most recent version, regardless of operating system

OpenSSL 1.0.1 and higher

Compatible with TLS 1.1 or higher by default.

OpenSSL 1.0.0 and below

Not compatible with TLS 1.1 or higher encryption.

.NET

Compatible with the most recent version when running in an operating system that supports TLS 1.1 or TLS 1.2

.NET 4.6 and higher

Compatible with TLS 1.1 or higher by default.

.NET 4.5 to 4.5.2

.NET 4.5, 4.5.1, and 4.5.2 do not enable TLS 1.1 and TLS 1.2 by default. Two options exist to enable these, as described below.

Option 1:
.NET applications may directly enable TLS 1.1 and TLS 1.2 in their software code by setting System.Net.ServicePointManager.SecurityProtocol to enable SecurityProtocolType.Tls12 and SecurityProtocolType.Tls11. The following C# code is an example:

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12 | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls;

Option 2:
It may be possible to enable TLS 1.2 by default without modifying the source code by setting the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319". Although the version number in those registry keys is 4.0.30319, the .NET 4.5, 4.5.1, and 4.5.2 frameworks also use these values. Those registry keys, however, will enable TLS 1.2 by default in all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that system. It is thus advisable to test this change before deploying it to your production servers. This is also available as a registry import file. These registry values, however, will not affect .NET applications that set the System.Net.ServicePointManager.SecurityProtocol value.

.NET 4.0

.NET 4.0 does not enable TLS 1.2 by default. To enable TLS 1.2 by default, it is possible to install .NET Framework 4.5, or a newer version, and set the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319". Those registry keys, however, may enable TLS 1.2 by default in all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that system. We recommend testing this change before deploying it to your production servers. This is also available as a registry import file.

These registry values, however, will not affect .NET applications that set the System.Net.ServicePointManager.SecurityProtocol value.

.NET 3.5 and below

Not compatible with TLS 1.1 or higher encryption
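The two steps from the Oracle Java 7 row above, as an added example (not OpenText's or Oracle's code): it sets https.protocols for HttpsURLConnection, then restricts an SSLEngine and an unconnected SSLSocket to TLS 1.2 and 1.1 and fails if the JVM cannot offer TLS 1.2. The class name Tls12ClientSetup and the helper pickProtocols are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;

// Hypothetical class name; added example, not vendor code.
public class Tls12ClientSetup {
    // Protocols the table above says to enable, strongest first.
    private static final String[] WANTED = {"TLSv1.2", "TLSv1.1"};

    // Keep only the wanted protocols this JVM supports; fail loudly if TLSv1.2
    // is missing (for example the publicly available Java 6 builds).
    static String[] pickProtocols(String[] supported) {
        List<String> have = Arrays.asList(supported);
        List<String> chosen = new ArrayList<String>();
        for (String p : WANTED) {
            if (have.contains(p)) {
                chosen.add(p);
            }
        }
        if (!chosen.contains("TLSv1.2")) {
            throw new IllegalStateException("JVM cannot offer TLSv1.2; supports " + have);
        }
        return chosen.toArray(new String[chosen.size()]);
    }

    public static void main(String[] args) throws Exception {
        // HttpsURLConnection reads this property; set it before the first HTTPS
        // request, or pass -Dhttps.protocols=TLSv1.1,TLSv1.2 on the command line.
        System.setProperty("https.protocols", "TLSv1.1,TLSv1.2");

        SSLContext ctx = SSLContext.getDefault();

        // SSLEngine (non-blocking I/O frameworks) ignores https.protocols.
        SSLEngine engine = ctx.createSSLEngine();
        System.out.println("Default: " + Arrays.toString(engine.getEnabledProtocols()));
        engine.setEnabledProtocols(pickProtocols(engine.getSupportedProtocols()));
        System.out.println("Engine:  " + Arrays.toString(engine.getEnabledProtocols()));

        // SSLSocket: configure the unconnected socket, then connect and handshake.
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
        socket.setEnabledProtocols(pickProtocols(socket.getSupportedProtocols()));
        System.out.println("Socket:  " + Arrays.toString(socket.getEnabledProtocols()));
        // After connect(), socket.getSession().getProtocol() reports what was negotiated.
        socket.close();
    }
}
```

The "Default" line shows what the JVM would have offered without any change, which is the quickest way to tell whether a given runtime needs the settings in the table.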

 

 

What Should I Expect if My System is Unable to Support These Changes?

After November 1, 2017 (and September 25, 2017 for non-production test environments), if your system is unable to support these standards, you should expect the following:

For Browser Based Services:

When trying to access one of our sites through your web browser, you will see an error message stating that your browser does not support the TLS 1.2 protocol, with information on how to resolve the issue.

For System-to-System Integrations:

When trying to access one of our sites through a system-to-system integration, an HTTP return code of "426 Upgrade Required" will be returned to your application, along with a response message stating that support of TLS 1.2 is required and information on how to resolve the issue.


 

 

About OpenText

OpenText enables the digital world, creating a better way for organizations to work with information,
on-premises or in the cloud. For more information about OpenText (NASDAQ: OTEX, TSX: OTEX),
visit opentext.com.