Improving data transfer security

As of November 1, 2020, we will improve the security of data transmission at timr by adapting the protocols and encryption methods used for HTTPS connections. This means that older procedures, which are now considered unsafe, will no longer be supported.

Do you need to adjust anything here?

As long as you use current browsers and smartphones, you as a user will not notice this change. These devices already use procedures with up-to-date security.

However, if you are using older browsers or smartphones this change might mean that the devices can no longer connect to the timr server. This can happen for the following browsers and devices:

  • Internet Explorer 10
  • Smartphones running Android 4.4
  • BlackBerry Geräte running Android 4
  • Devices running Windows Phone 8
  • older .NET and Java versions calling the timr SOAP API

The exact list of compatible systems starting with TLS 1.2 can be found in this Wikipedia article.

Using the timr API

If you have connected timr to internal systems via the SOAP API, this connection might also be affected by the change. Please check if your implementation is compatible with the new protocol requirements.

Technical details

In detail this means that only TLS 1.2 and higher will be supported in the future. The previously tolerated protocols TLS 1.0 and TLS 1.1 will no longer be supported. Furthermore only the following cipher suites are supported:

  • TLS_AES_128_GCM_SHA256
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

ATTENTION

Affected employees might not notice immediately that the timr app does not work as usual. Recording in the app is still possible for the time being, but the recorded times can no longer be transferred to the server.

To check if the app still works you can start a manual synchronization AFTER November 1st. You can find more information in this article about synchronizing the app with the timr web application.

Leave a Reply