Discontinuing support for deprecated TLS encryption protocols
By Sean Needham
As mentioned recently in the Encryption in Transit article on the Siteimprove blog, Siteimprove will discontinue support for the deprecated encryption protocols TLS 1.0 and TLS 1.1 and will instead support TLS 1.2 and 1.3 only.
Discontinuing support for these older encryption technologies may affect some of our customers, depending on the way in which you interact with the Siteimprove platform.
The table below lists each component of the Siteimprove platform and the associated deadline for using outdated encryption protocols.
| Platform Component | Environment/Access method | *Deadline for using |
| | Single Sign-on application (version 1) | |
| | Single Sign-on application (version 2) | 01-09-2019 |
| API | Application Programming Interface | 01-09-2019 |
*After the deadline, stakeholders will be affected as detailed below.
** SSO1 support will be discontinued on 01/12/2020. TLS 1.0/1.1 will still be supported until that moment. Customers are advised to configure their SSO integration to use only TLS 1.2, until they have migrated to SSO2.
Siteimprove platform end users (id, my, my2)
Most end users will not have a problem, as the majority of browsers support the latest encryption protocols.
However, if you are using an outdated browser which does not support TLS 1.2 by default, you will no longer be able to access the platform.
For further information see this list of such outdated browsers. To maintain access and connectivity to the Siteimprove platform, you are required to use Siteimprove supported browsers as detailed on the Siteimprove Help Center.
It is also recommended to clear the browser’s SSL/TLS state. This is dependent on the browser. We recommend checking the documentation for your specific browser.
Enterprise customers relying on SSO connectivity (id, sso, sso2)
The following applies to customers accessing the platform via Single Sign-on (SSO) using TLS 1.0 and TLS 1.1:
The Identity Provider (IdP) must be configured to connect on TLS 1.2 by default and disable connectivity on TLS 1.0 and 1.1. For information on how to do this, consult the technical documentation of the Identity Provider.
CMS administrators and Siteimprove partners developing CMS plugins (id, my, my2, api, CMS plugins)
The following applies to customers using CMS plugins that connect by default on older encryption technologies:
Siteimprove partners have developed CMS plugins that integrate with the platform. Some of the plugins are configured by default to use older encryption protocols and cannot connect automatically via the newer protocols. This issue was noticed with plugins developed using Microsoft's .NET programming language. Siteimprove recommends that partners and developers adhere to the following minimal requirements for development of CMS plugins based on .NET:
- Windows Server 2012+ or 2008 with TLS 1.2 update
- .NET Framework 4.6.1+
For the development of CMS plugins in a non-Microsoft environment, we always recommend using the latest available libraries as well as enabling default connectivity on TLS 1.2, if not already enabled.
If a plugin's coding standards cannot adhere to the minimal requirements of the platform, Siteimprove cannot guarantee its functionality. Siteimprove encourages all partners to verify these requirements and to engage in additional development, if applicable, to maintain their plugin functionality.
The list of accepted Siteimprove CMS plugins can be found in the Integrations section of the Siteimprove website.
Developers working with the Siteimprove API (api, CMS plugins)
The following applies to customers using the Siteimprove API:
Siteimprove offers its customers an API which can be used to further develop custom integrations with the platform.
Customer developers must make sure that their integration will be compatible with newer encryption protocols only. Otherwise, Siteimprove cannot guarantee functionality with the API.
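One way for an integration developer to confirm that a client no longer depends on TLS 1.0 or 1.1, shown in Python as an added example that is not Siteimprove code. The function names and `LEGACY_SAMPLE` are hypothetical and constructed for illustration; the host passed to `negotiated_version` is whatever endpoint your integration calls.

```python
import socket
import ssl

# Versions the page lists as deprecated, paired with the legacy OP_NO_* flag
# that also disables each one.
DEPRECATED = {
    ssl.TLSVersion.TLSv1: ssl.OP_NO_TLSv1,
    ssl.TLSVersion.TLSv1_1: ssl.OP_NO_TLSv1_1,
}
# Constructed sample: (minimum, maximum, options) of a client that offers everything.
LEGACY_SAMPLE = (ssl.TLSVersion.MINIMUM_SUPPORTED, ssl.TLSVersion.MAXIMUM_SUPPORTED, 0)


def modern_client_context():
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def _bound(version):
    """Map the MINIMUM_/MAXIMUM_SUPPORTED sentinels onto comparable numbers."""
    if version == ssl.TLSVersion.MINIMUM_SUPPORTED:
        return 0
    if version == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        return 0xFFFF
    return int(version)


def deprecated_versions_allowed(minimum, maximum, options):
    """Names of deprecated versions a client with these settings would still offer."""
    lo, hi = _bound(minimum), _bound(maximum)
    return [v.name for v, off in DEPRECATED.items()
            if lo <= int(v) <= hi and not options & off]


def audit_context(ctx):
    """Apply the check above to a live ssl.SSLContext."""
    return deprecated_versions_allowed(ctx.minimum_version, ctx.maximum_version, ctx.options)


def negotiated_version(host, port=443, timeout=5.0):
    """Handshake with host and return the agreed version, e.g. 'TLSv1.3'.

    Raises ssl.SSLError if the peer cannot speak TLS 1.2 or newer.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with modern_client_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

An empty list from `audit_context` means the client will not fall back to a deprecated protocol; `negotiated_version` needs network access and is the check to run against the real endpoint.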