Since the point is to make sure we are connecting to SparkPost securely, let’s test against that endpoint. To do this with nmap, test the ciphers against a known HTTPS host. You can use nmap with Linux, Windows and Mac, but we will explore other methods for Windows and Macs as well if you don’t want to install new software. Assuming you are using Linux, the most descriptive method is using nmap but you can also use openssl.
This is actually part of the SSL configuration so it can be managed in your system config. If you normally use the European deployment, you should use the EU end-point instead.įirst, let’s check to see if your friendly neighborhood SysAdmin already took care of this for you. Note that throughout this document we will test with the US SparkPost end-point If not you can follow some of the steps below to get it done in Linux, Windows, and Mac. If so you should buy them a beer and say thank you. It is very possible that your IT SysAdmin or WebAdmin has done this already for you as part of their normal maintenance. SparkPost has provided ample grace to get this updated and now we are sending out final notices to get this upgraded before September when we kill it off for good. If you are still using TLS 1.1 past March 2020 you are going to have a hard time connecting to most services. It is time for weak HTTPS support to die once and for all. TLS 1.2 has been the recommended protocol for over a decadeĪctually, the question should be “ why are you still supporting it?” TLS 1.2 has been the recommended secure standard for more than a decade and we are down to the wire on anyone actually offering any support at all for anything less than TLS1.2. SparkPost will not accept connections on TLS 1.1 after September 2020 Make sure you run the following tests on the servers that actually connect to SparkPost. However, if you use any method to inject messages (SMTP or REST API) or collect data (metrics or webhooks, etc), then you really should check now to make sure your system can support TLS 1.2. Just for kicks, we’d really like to hear your feedback and add you to a “wall of awesomeness” featuring all those security-conscious companies who make the change early.īack in 2018 we asked our customers to upgrade, and TLS 1.2 has been the recommendation for quite some time, so it is very likely that you are NOT affected. We will walk you through how to check your current version and how to upgrade to the latest. This post is all about getting you prepared to run without the use of TLS1.1 so we can restrict access to TLS1.2 only.
Well, here we are, 2 years later and the next version is about to be sidelined so we want you to be prepared and avoid any interruption in service. Remember way back in June 2018 when we deprecated the use of TLS 1.0? If you don’t, that is okay, you can read all about it in this post. Are you using TLS older than 1.2? It’s ok, maintenance update delays happen to everyone.
0 kommentar(er)
