At Axway, we take security very seriously. As we ensure our customers have the peace of mind that comes with using our Axway products, we regularly take the necessary steps and updates to meet the industry’s security standards.
Starting December 14, 2020, for AMPLIFY Runtime Services (ARS) and Backend-as-a-Service / Mobile Backend-as-a-Service (BaaS / MBaaS) we will be updating our support for Transport Layer Security (TLS) versions. With this update, we will be supporting both TLS 1.2 and 1.3 protocols and deprecating TLS 1.1 and 1.0 respectively.
What does this update mean?
For existing mobile applications, both Axway’s and customers’ who are using ARS and MBaaS, it means the following:
- If the application is published in Google Play Store or Apple AppStore, you are good to go as both Google and Apple also have the same TLS requirement and corresponding libraries in place.
- If the application is not published in either Google Play or Apple AppStore and users have to download it from another location, then you would need to ensure that the app is updated to reflect the appropriate corresponding TLS library. If the app is accessible over browsers such as Safari, Chrome, Edge, Firefox, etc please make sure to prompt the application users to update their browsers as applicable.
Below is the list of supported OS, along with their corresponding Hash, TLS Version, and supported Cipher that are associated with this update.
OS | Hash | TLS Version | Cipher |
Android 4.4.2 | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp521r1 FS |
Android 5.0.0 | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS |
Android 6.0 | EC 384 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
Android 7.0 | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
Android 8.0 | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
Android 8.1 | – | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
Android 9.0 | – | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
BingPreview Jan 2015 | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp521r1 FS |
Chrome 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
Chrome 69 / Win 7 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH x25519 FS |
Chrome 70 / Win 10 | – | TLS 1.3 | TLS_AES_128_GCM_SHA256 ECDH x25519 FS |
Chrome 80 / Win 10 R | – | TLS 1.3 | TLS_AES_128_GCM_SHA256 ECDH x25519 FS |
Firefox 31.3.0 ESR / Win 7 | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
Firefox 47 / Win 7 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
Firefox 49 / XP SP3 | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
Firefox 62 / Win 7 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH x25519 FS |
Firefox 73 / Win 10 R | – | TLS 1.3 | TLS_AES_128_GCM_SHA256 ECDH x25519 FS |
Googlebot Feb 2018 | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH x25519 FS |
IE 11 / Win 7 R | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
IE 11 / Win 8.1 R | EC 384 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
IE 11 / Win Phone 8.1 R | EC 384 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
IE 11 / Win Phone 8.1 Update R | EC 384 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
IE 11 / Win 10 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
Edge 15 / Win 10 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS |
Edge 16 / Win 10 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS |
Edge 18 / Win 10 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS |
Edge 13 / Win Phone 10 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
Java 8u161 | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
Java 11.0.3 | – | TLS 1.3 | TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS |
Java 12.0.1 | – | TLS 1.3 | TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS |
OpenSSL 1.0.1l R | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp521r1 FS |
OpenSSL 1.0.2s R | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
OpenSSL 1.1.0k R | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH x25519 FS |
OpenSSL 1.1.1c R | – | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
Safari 9 / iOS 9 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
Safari 9 / OS X 10.11 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
Safari 10 / iOS 10 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
Safari 10 / OS X 10.12 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
Safari 12.1.2 / MacOS 10.14.6 Beta R | – | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
Safari 12.1.1 / iOS 12.3.1 R | – | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
Apple ATS 9 / iOS 9 R | EC 384 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
Yahoo Slurp Jan 2015 | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp384r1 FS |
YandexBot Jan 2015 | EC 384 (SHA256) | TLS 1.2 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp521r1 FS |
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). | |||
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake. |
What action(s) do you need to take?
- If your application is published in Google Play Store or Apple AppStore, you are good to go as both Google and Apple also have the same TLS requirement and corresponding libraries in place.
- If your application is not published in either Google Play or Apple AppStore and users have to download it from another location, then you would need to ensure that the app is updated to reflect the appropriate corresponding TLS library. If the app is accessible over browsers such as Safari, Chrome, Edge, Firefox, etc please make sure to prompt the application users to update their browsers as applicable.
As always, you can reach out to support should you have any additional questions.
Read more about TLS protocols here
Follow us on social