Question: What products and services are affected?
We are removing support for TLS 1.0 and 1.1 from our SpiraTest, SpiraTeam, SpiraPlan (aka Spira) and KronoDesk cloud based products. We are a this time not removing support for our company website, support website or other Inflectra internal applications. We anticipating depreciating TLS 1.0 and 1.1 for these platforms early in 2021.
These changes will not affect customers that choose to self-host Spira or KronoDesk, only those customers using our Cloud / SaaS option.
Question: What do I have to do to prepare?
- If you only use a web browser to connect to Spira or KronoDesk then all you need to do is make sure you are using a modern web browser.
- If you are using other Inflectra add-ons and extensions that use Microsoft .NET (for example RemoteLaunch, Rapise, Import Tools, Office Add-Ons, etc.) make sure you have downloaded the latest version, since only recent versions of .NET fully support TLS 1.2 and we've updated all of our plugins recently.
Question: Why are you deprecating TLS 1.0 and 1.1?
Answer: TLS 1.0 and 1.1 are out-of-date protocols that do not support modern cryptographic algorithms, and they contain security vulnerabilities that may be exploited by attackers. The Internet Engineering Task Force is also planning to officially deprecate both protocols. In addition, the vast majority of encrypted Internet traffic is now over TLS 1.2, which was introduced over a decade ago.
Question: Why did you choose November 14, 2020?
Answer: The industry is working to deprecate support for TLS 1.0 and 1.1 this year. Google, Microsoft, Apple, and Mozilla have all announced that their browsers will no longer support TLS 1.0 and 1.1 as of March 2020. We had originally targeted a similar date, but due to the Coronavirus pandemic we decided to delay our depreciation until later in the year. This was to avoid any disruptions for businesses that were moving to the cloud and/or adjusting to teleworking.
We chose November 14th specifically because it is our standard monthly maintenance window for Spira and KronoDesk and we wanted to complete the change before the December release of Spira 6.7.
Question: Will this affect my users that have up-to-date devices?
Answer: It should not, because the vast majority of websites support TLS 1.2 and most browsers have already been updated. According to Qualys’s SSL Labs 95.2% of websites support TLS 1.2 as of February 2020. We expect this number to rise significantly as March 2020 approaches. Note that having an up-do-date device includes the version of .NET for Windows machines. See below for further information.
Question: How can I tell if my endpoints support TLS 1.2?
Answer: For Microsoft Windows users, there are two areas that will impact TLS compatibility with Inflectra's Cloud Services.
- Web Browser Support to access the Spira and KronoDesk applications
- Browser test: https://www.ssllabs.com/ssltest/viewMyClient.html. Confirm that there is a “Yes” next to TLS 1.2 in the “Protocols” section
- .NET framework Support for custom applications.
- .NET: Native TLS 1.2 support requires .NET framework 4.6.2+. Prior versions require registry edits (4.x) or Registry edits and manual hotfix patches (3.5).
We also recommend that you disable support for SSL, TLS 1.0 and TLS v1.1 at the operating system level: https://support.microsoft.com/en-us/help/187498/how-to-disable-pct-1-0-ssl-2-0-ssl-3-0-or-tls-1-0-in-internet-informat.