What is TLS?
The Transport Layer Security (TLS) protocol enables secure communications over a computer network by authenticating the data that is passed between the web server and the connected browser. For example, when you enter your login credentials on Zoho Desk, TLS prevents a third-party from stealing the information that is exchanged during the login process.
How does TLS affect my end users?
Data security is the foundation of everything we do at Zoho Desk. We take security very seriously and have developed a comprehensive set of practices, technologies, and policies to help ensure your data is secure. With the same perspective in mind we continue to offer a secure means of communication to our servers. Zoho Desk has upgraded its systems and application to accept Transport Layer Security (TLS) 1.2.
Zoho Desk's security compliance standards require your end users to access the following services using modern web browsers (Check the TLS version of your web browser) that support TLS 1.2.
For accessing following you need TLS 1.2 minimum.
Help Centers
Web-to-ticket Forms
Feedback Widgets
ASAP
Also, the following error screen is seen by end users while accessing the services over older browsers:
If you have further questions on it, please contact our support team.
Why should I upgrade to TLS 1.2 or above?
First and foremost, your customer's data is at risk. This is because the older versions of TLS don't meet security standards and are vulnerable to various types of attacks without any viable solutions. Second, you cannot access the Zoho Desk application since its usage requires at least TLS 1.2 or above.
Will user be able to access TLS 1.0/1.1?
We completed disabling support for TLS v1.0 and v1.1 on all user interface endpoints on May 15, 2019. After this date, we will no longer support communications made with the TLS 1.0 and TLS 1.1 protocols. While this change does not affect the majority of Zoho Desk users, a very small percentage may be impacted if your browser is not updated.
What measures should I take if I am on TLS1 1.0/1.1?
Users of TLS versions 1.0 and 1.1, should take the following actions as a safety precaution.
Check the TLS version of your web browser
It is important to ensure that your web browsers are up-to-date. Most browsers have supported TLS 1.1 for some time, but if you haven't updated your browser to the latest version, then you may be impacted by this upgrade. So please ensure you access Zoho Desk through one of the compatible browser versions listed below:
Google Chrome, version 49 and above
Mozilla Firefox, version 44 and above
Safari, version 9 and above
Opera, version 45 and above
Microsoft Edge – all versions
Check the TLS version of your mobile OS
If you access Zoho Desk through our mobile apps, please ensure you are on the following versions of the mobile platform:
Google Android, version 4.1 and above
iOS, version 5.1 and above
Windows phone, version 8.1 and above
Check the TLS version of your development environments
If you are using any of the following programming languages, you need to update them to communicate with our API effectively:
Java 6u45
Java 7u25
OpenSSL 0.9.8y
.NET 4.5 and below
.NET 4.5 (settings should be changed to enable TLS 1.2)
Check the TLS version of your phone bridge environments
If you are a PhoneBridge adapter user, please make sure you are using the latest Java version (Java 8) in the machine/server where you have installed our PhoneBridge adapter.
Can I install my own SSL certificate in Zoho Desk?
No, you can't install Wildcard, or other SSL certificates bought from third-party vendors in Zoho Desk. We take the onus of purchasing and adding Group-SSL certificates without any installation or cost overheads for our customers. Since it adds value to them, we would like to keep it this way.
If you want us to install an SSL certificate, write to us at support@zohodesk.com with the details of your support domain address. Typically, it takes us about three business days to install the certificate.
Why do I see other portals' URLs in my SSL certificate?
We use Group SSL (Secure Socket Layer) certificates to establish a secure, encrypted connection between your browser and our servers. Since these certificates are applied to many domain-mapped portals and considering all those sub-domains are having their CNAME pointed to desk.cs.zohohost.com, you will be able to see a string of portal URLs in your SSL certificate.
We hope that this list of frequently asked questions on Security is informative. If you still have questions that haven't been addressed, please let us know
here. We will be happy to discuss them with our subject matter experts and add them in the future. And please don't forget to share your rating below :)