Issued: 1st February 2021
This bulletin addresses upcoming changes to the Contrast SaaS system.
What’s changing?
On 30th September 2021, support for communication to the Contrast SaaS system using TLS 1.0 & 1.1 will be deprecated. All future communication will require TLS 1.2+.
Why are we making this change?
While Contrast has continued to provide TLS 1.0 & 1.1 support as a requirement for customers using legacy systems, best practices (eg. as outlined in RFC 7525) and industry standards (eg. PCI-DSS) recommend use of TLS 1.2+. SSL Labs lowered the grade for TLS 1.0 & 1.1 to “B” on 31st January 2020.
What does this mean for you?
- Contrast UI traffic:
As all major browsers deprecated support for TLS 1.0 & 1.1 in early 2020, no action is required to maintain access to the Contrast UI. - Agent traffic:
All Contrast agents will communicate using TLS 1.2+ if possible. However, certain .NET Framework and Java environments default to using earlier TLS versions and will need to be configured to enable TLS 1.2. Please see the following Knowledge Article for further details on configuring supported systems: Contrast SaaS Connectivity with TLSv1.2
If you have any questions, concerns, or would like to discuss this issue further, please don’t hesitate to reach out to us at support@contrastsecurity.com.