Transport Security Layer 1.0 and 1.1 Deprecation

What’s happening?

parcelLab will stop support for Transport Security Layer (TLS) 1.0 and 1.1 on api.parcellab.com.

TLS 1.0 will be deprecated by 9 August 2022 and TLS 1.1 will be deprecated by 22 August 2022.

After deprecation, connecting systems need to support newer versions of TLS (that is: TLS 1.2 or greater) in order to send or receive data.

This change is required by our System and Organization Controls (SOC) 2 certification and reflects common security practices.

Background

TLS is an encryption protocol designed to secure communications over the Internet. To improve security and reliability, the Internet Engineering Task Force (IETF) has already formally deprecated TLS 1.0 and 1.1. Browsers have also stopped supporting TLS 1.0 and 1.1 for the same reasons.

What does this mean for retailers sending data via API?

No changes are expected for connecting systems. However, if your sending system does not support TLS 1.2, you will observe an HTTPS handshake error or certificate error indicating that the client and server were unable to establish a secure connection.

As browsers have already removed support for TLS 1.0 and 1.1, therefore end users (that is: your customers) will not be impacted by this.

parcelLab will monitor data transfer and you will be alerted if data can no longer be received by parcelLab. Please note that we cannot monitor unsuccessful connection attempts for read requests.

If you have any questions or experience any issues, please fill in our contact form and we'll get back to you.

Further Reading

View the following references for further information on the TLS 1.0 and 1.1 deprecation:

• TLS 1.0 and 1.1 are no longer considered secure

Guide to TLS Standards Compliance - SSL.comSSL.com

Deprecating TLS 1.0 & 1.1www.digicert.com

• Consumer software like browsers no longer support TLS 1.0 and 1.1

TLS 1.0 and TLS 1.1 Deprecated: SSL Labs Grade Impact | QualysQualys