Improving data transfer security

Thomas Einwaller
October 8, 2020

As of November 1, 2020, we will improve the security of data transmission at timr by adapting the protocols and encryption methods used for HTTPS connections. This means that older procedures, which are now considered unsafe, will no longer be supported.

Do you need to adjust anything here?

As long as you use current browsers and smartphones, you as a user will not notice this change. These devices already use procedures with up-to-date security.

However, if you are using older browsers or smartphones this change might mean that the devices can no longer connect to the timr server. This can happen for the following browsers and devices:

  • Internet Explorer 10
  • Smartphones running Android 4.4
  • BlackBerry Geräte running Android 4
  • Devices running Windows Phone 8
  • older .NET and Java versions calling the timr SOAP API

The exact list of compatible systems starting with TLS 1.2 can be found in this Wikipedia article.

Using the timr API

If you have connected timr to internal systems via the SOAP API, this connection might also be affected by the change. Please check if your implementation is compatible with the new protocol requirements.

Technical details

In detail this means that only TLS 1.2 and higher will be supported in the future. The previously tolerated protocols TLS 1.0 and TLS 1.1 will no longer be supported. Furthermore only the following cipher suites are supported:

  • TLS_AES_128_GCM_SHA256
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256