Anypoint Platform TLS 1.0 Deprecation
In an effort to ensure the highest levels of security for our customers, and in response to the PCI-DSS 3.1 standard, MuleSoft has begun the process of removing TLS v1.0, and replacing with TLS v1.2 as the default encryption protocol for inbound and outbound connections to Anypoint Platform.
Why are you doing this?
Starting in mid-2015, it was determined by many leading institutions, including the U.S. Federal Government and the PCI Security Council, that the risk of using the vulnerable TLS v1.0 must be mitigated by retiring TLS v1.0. In April 2015, the PCI Security Council took the recommendation a step further when it released version 3.1 to the PCI DSS standard. This update excluded SSL v3.0, TLS v1.0, and some ciphers supported by TLS v1.1 from protocols supporting strong cryptography. This means in order for MuleSoft to provide strong cryptography to our customers we must discontinue support for TLS v1.0 and older protocols and ciphers.
How will this affect me as a MuleSoft customer?
This could affect a customer in two different ways:
- Upon login to Anypoint Platform – Once the default protocol is TLS v1.2 you could notice a browser issue. This is highly unlikely as all major browsers (Chrome, Firefox, Internet Explorer, Safari and Opera) have had support for TLS v1.2 by default for over 2 years. Here is more information about TLS browser support.
- Using Mule runtimes and API Gateways – For the vast majority of customers using Mule runtime 3.7+ or API Gateway 2.0+ this change will be invisible, and TLS will simply auto-negotiate. It is always a good idea to make sure you are using the newest runtime versions or have a plan to migrate to the newest versions. As an example, here is a recent post providing more information about TLS, and some of the new features included in Mule 3.8.
When are you planning on doing this deprecation?
The planned date for disallowing TLS v1 connections into Anypoint platform is Oct 3, 2016. Customers can learn more by accessing the MuleSoft support article containing details about the TLS 1.0 deprecation on Anypoint Platform.
What happens if I have a problem?
If you have an issue with an integration not supporting TLS v1.1/v1.2 please open up a ticket with support as soon as possible.