Expand my Community achievements bar.

Nerd Alert: confirmed sighting of TLS 1.1 deprecation

Avatar

Community Advisor

Hello Nerds (you know who you are...),

A few months ago, this TLS 1.2 to be required in Workfront announcement prompted me to have our data center team upgrade our entire server farm to the latest and greatest version of everything which I'd been putting off (given the time and expense involved), but I'm pleased to confirm is nearly complete. Just in time, too, it turns out: as below, I've just confirmed that TLS 1.1 is indeed OFF in an sb01 environment, which prevented us from connecting via the API the old way (TLS 1.1), but then worked as expected as soon as we switched to the new way (TLS 1.2).

I suspect this means that a similar required upgrade on .preview and .my environments will be Coming Soon to an API Near You, so if you're ready, congratulations...and if you're not, I encourage you to make it a priority.

Regards,

Doug

---------------------------------

Hi Dustin,

<<screenshot: unable to connect via API to clientdomain.sb01.my.workfront.com>>

Do you think this just part of the general sandbox flu, or should I raise a ticket?

Regards,

Doug

---------------------------------

Hmmm...

That sounds like it's trying to use an unsupported version of TLS.

We did deprecate 1.1, can you check your script to see if it's versioned?

Dustin

---------------------------------

Thanks Dustin,

Yes. That was my spidey-sense, too. +Melinda and +Malcolm, to continue previous conversations along that line with each.

Fortunately, we've invested heavily over the last couple of months to upgrade our entire server farm, so we're we'll positioned to swap to TLS 1.2 (and back, if need be).

I'll instruct my data center team to do so today, and let you all know the results (ideally, sb01 connects, as will all other my and preview domains that are still running TLS 1.1…for now).

Regards,

Doug

---------------------------------

Hopefully that's all it is, and jumping to 1.2 resolves the issue...

Dustin

---------------------------------

DING DING DING! We have a winner!

Disabling TLS 1.0 and TLS 1.1 on our side worked. Well spotted, Dustin! I've also confirmed that it Did No Harm as far as connecting to .my and .preview environments, so we're going to leave it in that state for a couple of weeks, confirm all is still well, then deem it a permanent change.

Although it's only a select few who will Get It, I will drop a nerd alert note on community later today.

Regards,

Doug

0 Replies