This change has been completed, please reach out to support with any issues.
Posted Jul 31, 2020 - 12:02 EDT
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Jul 31, 2020 - 11:57 EDT
Scheduled
On July 31st, Validic will be dropping support for TLS 1.0 and 1.1 on api.validic.com and will require a client that supports TLS 1.2. After Validic disables TLS 1.0 and 1.1, any inbound connections to api.validic.com that rely on TLS 1.0 and 1.1 will fail. To limit any interruptions please check your client configuration and version to ensure compliance with the latest industry standards.
Background: Transport Layer Security (TLS) is the protocol used on the web today to encrypt HTTPS connections. Version 1.0 was standardized almost 20 years ago as the successor to SSL 3.0, but is universally considered insecure due to being vulnerable to attacks such as BEAST and POODLE. Version 1.1 followed in 2006 and mitigated BEAST, but adoption was minimal as some major browsers opted to make the jump directly to TLS 1.2 (codified in 2008). In addition to the documented vulnerabilities, standards bodies such as the Payment Cards Industry Security Standards Council (PCI SSC) and the National Institute of Standards and Technology (NIST) recommend disabling TLS 1.0 and 1.1. Specifically, PCI requires that sites use a minimum of TLS 1.1, with TLS 1.2 recommended, and NIST requires at least TLS 1.2.