TLS 1.2 upgrade notice: update browser and .NET
In April 2016, Geotab is removing support for the TLS 1.0 and 1.1 protocols. To ensure your applications continue to function, upgrade to at least .NET 4.5.
As of April 2016, Geotab will remove all support for the protocols TLS 1.0 and 1.1. After this date, any Geotab partner or customer whose browser or API client does not support TLS 1.2 will find that their applications or integrations that use the Geotab SDK will not work. Going forward, all new MyGeotab customers will only use TLS 1.2.
For the best security, Geotab recommends upgrading to TLS 1.2 as soon as possible for your organization. This means you should use at least .NET 4.5 and the most recent version of your preferred internet browser, where it is the default option.
Important: Please ensure that your technical teams upgrade to at least .NET 4.5 to ensure you support TLS 1.2.
What is TLS?
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third-party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
How to Check If You Are Affected:
- To check your browser for TLS 1.2 support: Visit the SSL/TLS Capabilities testing page.
- To check your .NET version (using IE): Visit the “Do you have .NET?” web page.
Why is Geotab Upgrading to TLS 1.2?
At Geotab, we care deeply about security. Security is not a destination but a journey and a mind set. We have to observe what is going on out there and adjust accordingly.
TLS 1.0 is no longer secure. Exploits exist to downgrade a connection based on TLS 1.0 to an older version of the protocol. There is no active exploit affecting all of TLS 1.1, but the downgrade attack works on some versions and installations and academically speaking, TLS 1.1’s hash functions are under threat.
If using an older SSL/TLS protocol revision you could have someone sitting on the line and taking in your data while absolutely nothing about the connection indicated it. A compromised secure connection is no different from an insecure connection, but may give a false sense of security.
The revision and deprecation of protocols is an expected, occasional thing, as encryption techniques improve and processing speeds increase over time. This deprecation and notice is for our customers’ security. Anyone keeping up with the latest developments will already be secure, but those who have not kept up to date could end up using an insecure method.
Who Will Be Affected by the TLS Upgrade?
There are two primary parties who will be affected:
- Geotab partners or customers with third-party applications using the Geotab SDK who are using older builds of .NET or other environments that do not support TLS 1.2. Note: It is necessary to upgrade to at least .NET 4.5 to have support for TLS 1.2.
- Users on older browser versions. If you are not keeping up with the latest browser updates, everything you do online is at risk! Read this article for a detailed table showing the TLS support (as well as other security features) of the most commonly used desktop and mobile browsers: https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
As always, the recommendation remains to use the most recent version of whichever web browser is available to you for the most up-to-date and secure browsing experience.
- TLS 1.1 Spec: http://tools.ietf.org/html/rfc4346
- TLS 1.2 Spec: http://tools.ietf.org/html/rfc5246
- Vulnerabilities prompting moving from TLS 1.0/1.1: https://www.globalsign.com/en/blog/poodle-vulnerability-expands-beyond-sslv3-to-tls/
- TLS 1.1 uses a combination of SHA-1 and MD5 by default, whereas TLS 1.2 uses SHA-256. Academically speaking, an attack on TLS 1.1 is sitting somewhere between “will be plausible in a few years” to “actively in-use by nation states.”
If you liked this post, let us know!
Geotab's blog posts are intended to provide information and encourage discussion on topics of interest to the telematics community at large. Geotab is not providing technical, professional or legal advice through these blog posts. While every effort has been made to ensure the information in this blog post is timely and accurate, errors and omissions may occur, and the information presented here may become out-of-date with the passage of time.
Geotab | Blog
Sign up for monthly news and tips from our award-winning fleet management blog. You can unsubscribe at any time.
Other posts you might like
Introducing the MyGeotab API Adapter
Learn more about the structure of the MyGeotab API Adapter solution and the types of data it can retrieve.
October 30, 2020
Geotab Keyless unlocks new benefits for car sharing and motorpools
Digital car key provides secured keyless access for customers.
October 14, 2020
How to ace your next virtual interview
Learn how to excel at your next virtual interview with 7 tips and tricks.
September 1, 2020