Call to Action: Support for TLS 1.0 discontinued

colo
Meraki Alumni (Retired)

Call to Action: Support for TLS 1.0 discontinued

Dear Developers,

 

We will be disabling support for TLS 1.0 on June 27, 2018. This may impact third-party integrations using the Captive Portal API, Scanning API, or Dashboard API with these versions of TLS. The third-party service must be updated to use a modern version of TLS.

 

We will not be able to revert these changes due to the pending PCI deadline on June 30, 2018, so if you notice issues with Meraki services or applications failing due to TLS errors, please contact Meraki support immediately.

 

If you need to contact Meraki support please visit this website: https://meraki.cisco.com/support/
 
This announcement will be sent to technology partners and shared on our developer website here: https://create.meraki.io/build/tls/
 
Sincerely,
Colin Lowenberg
Cisco Meraki

Colin Lowenberg
Take the Meraki Challenge
solutions.meraki.com/challenge
1 REPLY 1
PhilipDAth
Kind of a big deal

Re: Call to Action: Support for TLS 1.0 and 1.1 discontinued

100% support this.  There should be no framework that does not support TLS1.2 now.

 

Could I encourage you to go a step further.  api.meraki.com is using a certificate created with a 2048 bit key.  I see no reason not to be using 4096 bit keys these days.  I use them as standard, and have not run into any compatibility issues on anything.

 

Also, is there any reason to still offer RSA without ECDHE?  For example, you could stop offering these [weaker] ciphers:

TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

 

I think you would be hard pressed to find things that don't support ECDHE these days.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.