ARS & MBaaS Supported TLS Version Update

At Axway, we take security very seriously. As we ensure our customers have the peace of mind that comes with using our Axway products, we regularly take the necessary steps and updates to meet the industry’s security standards.

Starting December 14, 2020, for AMPLIFY Runtime Services (ARS) and Backend-as-a-Service / Mobile Backend-as-a-Service (BaaS / MBaaS) we will be updating our support for Transport Layer Security (TLS) versions. With this update, we will be supporting both TLS 1.2 and 1.3 protocols and deprecating TLS 1.1 and 1.0 respectively.

What does this update mean?

For existing mobile applications, both Axway’s and customers’ who are using ARS and MBaaS, it means the following:

  1. If the application is published in Google Play Store or Apple AppStore, you are good to go as both Google and Apple also have the same TLS requirement and corresponding libraries in place.
  2. If the application is not published in either Google Play or Apple AppStore and users have to download it from another location, then you would need to ensure that the app is updated to reflect the appropriate corresponding TLS library. If the app is accessible over browsers such as Safari, Chrome, Edge, Firefox, etc please make sure to prompt the application users to update their browsers as applicable.

Below is the list of supported OS, along with their corresponding Hash, TLS Version, and supported Cipher that are associated with this update.

OS Hash TLS Version Cipher
Android 4.4.2 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp521r1  FS
Android 5.0.0 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp521r1  FS
Android 6.0 EC 384 (SHA256)   TLS 1.2 > http/1.1 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Android 7.0 EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Android 8.0 EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Android 8.1 TLS 1.3 TLS_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Android 9.0 TLS 1.3 TLS_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
BingPreview Jan 2015 EC 384 (SHA256) TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp521r1  FS
Chrome 49 / XP SP3 RSA 2048 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Chrome 69 / Win 7  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Chrome 70 / Win 10 TLS 1.3 TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Chrome 80 / Win 10  R TLS 1.3 TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Firefox 31.3.0 ESR / Win 7 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 47 / Win 7  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 49 / XP SP3 EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 62 / Win 7  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Firefox 73 / Win 10  R TLS 1.3 TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Googlebot Feb 2018 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
IE 11 / Win 7  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
IE 11 / Win 8.1  R EC 384 (SHA256)   TLS 1.2 > http/1.1 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
IE 11 / Win Phone 8.1  R EC 384 (SHA256)   TLS 1.2 > http/1.1 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
IE 11 / Win Phone 8.1 Update  R EC 384 (SHA256)   TLS 1.2 > http/1.1 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
IE 11 / Win 10  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Edge 15 / Win 10  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH x25519  FS
Edge 16 / Win 10  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH x25519  FS
Edge 18 / Win 10  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH x25519  FS
Edge 13 / Win Phone 10  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Java 8u161 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Java 11.0.3 TLS 1.3 TLS_AES_128_GCM_SHA256   ECDH secp256r1  FS
Java 12.0.1 TLS 1.3 TLS_AES_128_GCM_SHA256   ECDH secp256r1  FS
OpenSSL 1.0.1l  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp521r1  FS
OpenSSL 1.0.2s  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
OpenSSL 1.1.0k  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH x25519  FS
OpenSSL 1.1.1c  R TLS 1.3 TLS_AES_256_GCM_SHA384   ECDH x25519  FS
Safari 9 / iOS 9  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Safari 9 / OS X 10.11  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Safari 10 / iOS 10  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Safari 10 / OS X 10.12  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Safari 12.1.2 / MacOS 10.14.6 Beta  R TLS 1.3 TLS_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Safari 12.1.1 / iOS 12.3.1  R TLS 1.3 TLS_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Apple ATS 9 / iOS 9  R EC 384 (SHA256)   TLS 1.2 > h2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Yahoo Slurp Jan 2015 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
YandexBot Jan 2015 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp521r1  FS
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake. 

What action(s) do you need to take?

  1. If your application is published in Google Play Store or Apple AppStore, you are good to go as both Google and Apple also have the same TLS requirement and corresponding libraries in place.
  2. If your application is not published in either Google Play or Apple AppStore and users have to download it from another location, then you would need to ensure that the app is updated to reflect the appropriate corresponding TLS library. If the app is accessible over browsers such as Safari, Chrome, Edge, Firefox, etc please make sure to prompt the application users to update their browsers as applicable.

As always, you can reach out to support should you have any additional questions.

Read more about TLS protocols here