TLS 1.2 Update and APIs

As we plan to retire support for older TLS versions (1.1 & 1.0) by 5th Dec 2018, our customers who use Application Program Interfaces(APIs) may need to perform some changes in their systems.

Some versions of the platforms used may be compatible with TLS 1.2 by default, while some of them may not. However, it is quite simple to enable seamless integration of APIs with a few steps.

What is API Integration?

API Integrations are applications or interfaces between other services and Zoho, which process requests and ensure smooth functioning of systems. The APIs communicate requests by transferring some data to a server and retrieving it back into the original application that was accessed.

It is necessary that TLS 1.2 encryption protocols are enabled in the API integrations in order ensure safe and smooth integrations.

Actions Required for API Integration

If TLS 1.2 is not enabled by the end of October, after which TLS 1.1 and 1.0 will not be supported, API integrations will not function properly . It is recommended that you support TLS 1.2 before we make this change.

Platform	Version	Comments
Java	1.8	Compatible with TLS 1.2 by default.
	1.7 and 1.6 (121 or higher)	Compatible with TLS 1.2 but not enabled by default. The following code will make it compatible with TLS 1.2 : SSLContext ssl = SSLContext.getInstance("TLSv1.2"); ssl.init(null, null, new SecureRandom()); HttpsURLConnection connection = (HttpsURLConnection) url.openConnection("https://tlstest.zoho.com/api"); connection.setSSLSocketFactory(ssl.getSocketFactory());
	Below 1.6(121)	Not compatible by default and must be updated.

.NET

4.6 and above

Compatible with TLS 1.2 by default.

4.5

Compatible with TLS 1.2 but not enabled by default.

The following code will make it compatible with TLS 1.2.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

Note: Must be executed before making a connection to secured resource:

Below 4.5

Not compatible by default and must be updated.

Ruby	2.0.0	TLS 1.2 is enabled by default when used with OpenSSL 1.0.1 or higher versions.
Ruby	1.9.3 and below	Not compatible by default and must be updated.

Python	2.7.9 and above	Compatible with TLS 1.2 by default.
Python	2.7.8 and below	Not compatible by default and must be updated

OpenSSL	1.0.1 and higher	Compatible with TLS 1.2 by default.
OpenSSL	Below 1.0.1	Not compatible by default and must be updated

How to test the compatibility of an API:

Access the following API in a manner similar to that of accessing your existing API integration:

https://tlstest.zoho.com/api
If the response looks like the one below, it can be understood that you are connecting to our APIs using TLS 1.2.

{"status": 200,"message": "Connection Success","version": "TLSv1.2"}

If the response says "Connection failed", the changes mentioned above must be implemented to continue integrating with our APIs.

As the end of support for older versions is approaching, it is advisable to check and update your TLS versions. For further queries, security@zohocorp.com can be contacted.