Deprecation of TLS v1.0

Manny Solis
May. 2, 2018 by Manny Solis

TLS v1.0 Deprecation

On June 30th, 2018, SparkPost will be deprecating TLSv1.0 fallback across all of our systems. These older implementations contain very severe vulnerabilities that directly impact the integrity and security of your communications; vulnerabilities which cannot be fixed in these older implementations. As long as connections are made using TLSv1.1 or later, this change will result in zero impact to your ongoing use of our service. However, if connections are made using TLSv1.0, you will observe a failure to successfully connect to API and SMTP endpoints. To ensure that there is no impact to existing processes, it is best to verify that your clients support TLSv1.1 and/or TLSv1.2, and do not explicitly rely on SSL3 or TLSv1.0.

The reason we are making this change is twofold:

  1. It allows us to ensure that traffic to and from our systems is further protected from malicious actors trying to intercept and analyze it.
  2. It meets an upcoming PCI DSS deadline (of June 30th, 2018).

PCI DSS v3.1 has made it clear that both SSL and early TLS (v1.0 and certain configurations of v1.1) are no longer considered secure and would go against some of their requirements (2.2.3, 2.3 and 4.1). This includes disabling the ability to fall back to insecure or weak ciphers. Failure to comply with PCI DSS v3.1 standards may impact e-commerce and other related processes.

TLSv1.2 has been supported on our endpoints and was used opportunistically if the connecting client supported it. We have continued to offer older versions of TLS in an effort to support clients that relied on legacy protocols; however, by disabling SSL and early TLS fallback we can further secure your communications from potential man-in-the-middle attacks, such as POODLE in 2014, by making it impossible for these less-secure protocols to be used.

-Manny

Email Security Cloud Blog Footer

Related Content

Cloud Email Security at SparkPost

An overview of cloud email security related features we’ve rolled out, along with recommendations to improve security when interacting with SparkPost.

read more

Why Attestations Are Just One Part of Your Cloud Security Program

Attestations are a necessity for any cloud security program. Here’s why you need to look beyond just checking the boxes to ensure your perimeter is secure.

read more

Idea Hacking: Using Neptune to Enrich Customer Engagement

Our hackathon winners use Amazon's Neptune to connect emails with recipients by tagging templates with keywords and linking it to recipient engagements.

read more

Get started and start sending

Try SparkPost and see how easy it is to deliver your app’s email on time and to the inbox.

Try Free

Send this to a friend