Konstantinos Stavropoulos

TLS 1.2 to be Enforced After August 15th

TLS 1.2

What is happening and when?

We are planning to disallow TLS 1.0 and TLS 1.1 protocols on all connections to Transifex on 15 August 2021. The minimum TLS version allowed for every incoming connection will be TLS v1.2.

This change will impact any users that still use outdated web browsers or libraries to communicate with Transifex, which do not allow by default TLS 1.2 connections.

Technical details

The vast majority of users connecting to Transifex use either modern web browsers and tools, or the latest version of our cli client. These already use TLS 1.2 and no changes are necessary.

However, a few users are still using TLS 1.1, or even TLS 1.0 to establish connections with Transifex. Most of those come from some very old versions of our cli client (pre-2013), or from custom integrations not implemented by us. Also, a tiny percentage is using outdated browsers, which is a security risk for many more reasons other than just TLS 1.2 enforcement.

TLS versions 1.0 and 1.1 are out-of-date protocols that do not support modern cryptographic algorithms, and contain security vulnerabilities that may be exploited by attackers. They have been marked as deprecated since 2020, while 1.2 has been the recommended version since 2008. It is worth noting that all SSL protocols are also considered deprecated.

In addition, all major web browsers have been showing warning messages in releases as far as two years ago, when a user is trying to connect to a server that does not support TLS 1.2. Latest releases are completely blocking TLS versions 1.0 and 1.1, since March 2020.

Due to the aforementioned reasons, we advise anyone who is still using an old version of the Transifex client to update to the latest one. Furthermore, users who have written their own applications & integrations to communicate with Transifex should ensure that they are using modern and up-to-date libraries which allow TLS 1.2 connections.

From the 15th of August 2021 onwards, any connections that are not able to negotiate a TLS 1.2 handshake will be dropped.

Conclusion

We understand that this change will incur additional burden to a small set of our users. It is for that reason we are making an announcement one month in advance. We hope that developers and users are able to upgrade their browsers and clients to be compatible with these changes, and enhance security of their services and products.

If you have any questions or concerns related to this announcement, please don’t hesitate to contact us at support@transifex.com.

Want to learn more about Transifex?

Give Transifex a try with our free 15 day trial, or connect with one of our team members for a personal demo.