Engineering BlogAtom Feed

James Brown

January 2020 Security Updates

by James Brown

As mentioned in our 2018 blog post entitled Upcoming Security Updates, EasyPost is officially phasing out support for older versions of the Transport Layer Security (TLS)opens in new tab protocol (formerly known as SSL, or Secure Sockets Layer) for connections to our API. TLSv1.0 and TLSv1.1 have known security risks, and have been phased out across the Internet in favor of newer versions since the publication of RFC5246 in 2008. Below is an updated schedule for this deprecation:

Tuesday, January 7, 2020 13:00 PSTTLSv1.0 disabled for 15 minute test
Tuesday, January 14, 2020 13:00 PSTTLSv1.0 disabled for 15 minute test
Wednesday, January 15, 2020 13:00 PSTTLSv1.0 permanently disabled
Tuesday, January 21, 2020 13:00 PSTTLSv1.1 disabled for 15 minute test
Wednesday, January 22, 2020 13:00 PSTTLSv1.1 disabled for 15 minute test
Thursday, January 23, 2020 13:00 PSTTLSv1.1 permanently disabled

At the conclusion of these changes, we will exclusively support the TLSv1.2 protocol. We expect to add experimental support for the TLSv1.3 protocol later in 2020.

As of January 15th, the following clients will no longer be able to access EasyPost:

Our engineering and technical support teams have been working with customers for the last twelve months to ensure that everybody's updated, and we're glad to report that over 99.6% of our traffic now comes from supported clients. If you have any questions or concerns, please contact our support team at support@easypost.com.