Security is not optional, use TLS 2.0 as well as Orange APIs
We do not support TLS v1 & v1.1 from January 2020.
TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications and is the most widely deployed security protocol used today. TLS is used for web browsers and other applications that require data to be securely exchanged over a network and ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification.
Client-server applications use the TLS protocol to communicate across a network in a way designed to prevent eavesdropping and tampering. There are known vulnerabilities associated with SSL 3.0/TLS 1.0 which allow adversaries to monitor/intercept traffic and decrypt secure transmissions. Updating to TLS 1.2 provides an enhanced level of encryption to protect our network
In September 2018, IETF has deprecated TLS 1.0 and 1.1 and recommended to move to TLS1.2 for security reasons.
In January 2020, all the major web browsers will no longer be compliant with TLS 1.0 and 1.1.
• Google Chrome
• WebKit
• Microsoft
• Mozilla Firefox
Orange will be disabling TLS 1.0 and 1.1 for all our APIs before end of year 2019.
What do you have to do?
- If your service is made up of a backend linked to our APIs, please update your backend.
- If your service is linked to our APIs via a mobile app or web service, then please inform your users to update their browsers or smartphones so they do not lose access.
You can find more details here.