API Development

ARS & MBaaS Supported TLS Version Update

At Axway, we take security very seriously. As we ensure our customers have the peace of mind that comes with using our Axway products, we regularly take the necessary steps and updates to meet the industry’s security standards.

Starting December 14, 2020, for AMPLIFY Runtime Services (ARS) and Backend-as-a-Service / Mobile Backend-as-a-Service (BaaS / MBaaS) we will be updating our support for Transport Layer Security (TLS) versions. With this update, we will be supporting both TLS 1.2 and 1.3 protocols and deprecating TLS 1.1 and 1.0 respectively.

What does this update mean?

For existing mobile applications, both Axway’s and customers’ who are using ARS and MBaaS, it means the following:

  1. If the application is published in Google Play Store or Apple AppStore, you are good to go as both Google and Apple also have the same TLS requirement and corresponding libraries in place.
  2. If the application is not published in either Google Play or Apple AppStore and users have to download it from another location, then you would need to ensure that the app is updated to reflect the appropriate corresponding TLS library. If the app is accessible over browsers such as Safari, Chrome, Edge, Firefox, etc please make sure to prompt the application users to update their browsers as applicable.

Below is the list of supported OS, along with their corresponding Hash, TLS Version, and supported Cipher that are associated with this update.

OSHashTLS VersionCipher
Android 4.4.2EC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp521r1  FS
Android 5.0.0EC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp521r1  FS
Android 6.0EC 384 (SHA256)  TLS 1.2 > http/1.1TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Android 7.0EC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Android 8.0EC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Android 8.1TLS 1.3TLS_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Android 9.0TLS 1.3TLS_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
BingPreview Jan 2015EC 384 (SHA256)TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp521r1  FS
Chrome 49 / XP SP3RSA 2048 (SHA256)  TLS 1.2 > h2TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Chrome 69 / Win 7  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Chrome 70 / Win 10TLS 1.3TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Chrome 80 / Win 10  RTLS 1.3TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Firefox 31.3.0 ESR / Win 7EC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 47 / Win 7  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 49 / XP SP3EC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 62 / Win 7  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Firefox 73 / Win 10  RTLS 1.3TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Googlebot Feb 2018EC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
IE 11 / Win 7  REC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
IE 11 / Win 8.1  REC 384 (SHA256)  TLS 1.2 > http/1.1TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
IE 11 / Win Phone 8.1  REC 384 (SHA256)  TLS 1.2 > http/1.1TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
IE 11 / Win Phone 8.1 Update  REC 384 (SHA256)  TLS 1.2 > http/1.1TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
IE 11 / Win 10  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Edge 15 / Win 10  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH x25519  FS
Edge 16 / Win 10  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH x25519  FS
Edge 18 / Win 10  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH x25519  FS
Edge 13 / Win Phone 10  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Java 8u161EC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Java 11.0.3TLS 1.3TLS_AES_128_GCM_SHA256   ECDH secp256r1  FS
Java 12.0.1TLS 1.3TLS_AES_128_GCM_SHA256   ECDH secp256r1  FS
OpenSSL 1.0.1l  REC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp521r1  FS
OpenSSL 1.0.2s  REC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
OpenSSL 1.1.0k  REC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH x25519  FS
OpenSSL 1.1.1c  RTLS 1.3TLS_AES_256_GCM_SHA384   ECDH x25519  FS
Safari 9 / iOS 9  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Safari 9 / OS X 10.11  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Safari 10 / iOS 10  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Safari 10 / OS X 10.12  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Safari 12.1.2 / MacOS 10.14.6 Beta  RTLS 1.3TLS_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Safari 12.1.1 / iOS 12.3.1  RTLS 1.3TLS_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Apple ATS 9 / iOS 9  REC 384 (SHA256)  TLS 1.2 > h2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Yahoo Slurp Jan 2015EC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
YandexBot Jan 2015EC 384 (SHA256)  TLS 1.2TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp521r1  FS
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake. 

What action(s) do you need to take?

  1. If your application is published in Google Play Store or Apple AppStore, you are good to go as both Google and Apple also have the same TLS requirement and corresponding libraries in place.
  2. If your application is not published in either Google Play or Apple AppStore and users have to download it from another location, then you would need to ensure that the app is updated to reflect the appropriate corresponding TLS library. If the app is accessible over browsers such as Safari, Chrome, Edge, Firefox, etc please make sure to prompt the application users to update their browsers as applicable.

As always, you can reach out to support should you have any additional questions.

Read more about TLS protocols here