Change to Autotask’s TLS Protocol
What will this change affect?
This change will affect all incoming web browser based traffic as well as API traffic to both API Sandbox and Production databases.
When will this change take place?
We will take a phased approached to disabling the above protocols for both inbound and outbound API calls to allow customers ample time to test and ensure your preparation.
On January 16, 2017, we will enforce TLS 1.2 protocols for all databases in the Pre-Release Zone.
On April 18, 2017 15:00 UTC, we will enforce TLS 1.2 protocols for all databases in all Zones.
How do I prepare for this change?
Testing should be done between 1/16/2017 and 3/18/2017using the URL below:
Inbound Preparation (API and Web Browsing)
For Inbound API testing, use the following endpoint listed below based on your need to test SOAP API’s.
*Please note: We have setup a sandbox for users to leverage the getZoneInfo calls against for purposes of testing connectivity. Please leverage the getZoneInfo() API call in the pre-release webservices URL to confirm connectivity:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap=" xmlns:xsi=" xmlns:xsd="
<soap:Header>
<AutotaskIntegrations xmlns="
<PartnerID>
</PartnerID>
</AutotaskIntegrations>
</soap:Header>
<soap:Body>
<getZoneInfo xmlns="
<UserName></UserName>
</getZoneInfo>
</soap:Body>
</soap:Envelope>
See the table below for common libraries and their compatibility with TLS 1.2. If the library you use is not listed here, please reach out to your software vendor.
Library / TLS 1.1/1.2 Compatibility NotesJava 8 (1.8) and higher / Compatible by default
Java 7 (1.7) / See Java documentation to enable TLS 1.1 and TLS 1.2
Java 6 (1.6) and below / Not compatible with TLS 1.1 or higher encryption
.NET 4.5 and higher / Compatible by default
.NET 4.0 / TLS 1.2 not enabled by default. To enable TLS 1.2, it is possible to set the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319".
.NET 3.5 and below / Not compatible with TLS 1.1 or higher encryption
Python 2.7.9 and higher / Compatible by default
Python 2.7.8 and below / Not compatible with TLS 1.1 or higher encryption
Ruby 2.0.0 / TLS 1.2 is enabled by default when used with OpenSSL 1.0.1 or higher. Using the :TLSv1_2 (preferred) or :TLSv1_1 symbols with an SSLContext's ssl_version ensures TLS 1.0 or earlier is disabled
Ruby 1.9.3 and below / The :TLSv1_2 symbol does not exist in 1.9.3 and below. It can be patch to add that symbol and compile Ruby with OpenSSL 1.0.1 or higher
Windows Server 2008 R2 and higher / Compatible by default
Windows Server 2008 and below / Not compatible with TLS 1.1 or higher encryption
OpenSSL 1.0.1 and higher / Compatible by default
OpenSSL 1.0.0 and below / Not compatible with TLS 1.1 or higher encryption
Mozilla NSS 3.15.1 and higher / Compatible by default
Mozilla NSS 3.14 to 3.15 / Compatible with TLS 1.1, but not with TLS 1.2
Mozilla NS 3.13.6 and below / Not compatible with TLS 1.1 or higher encryption
Inbound Browser Preparation
To test web browsing, first ensure your browser meets Autotask’s Browser Support Policy found here. We currently support these browsers on vendor supported operating systems only and no additional action needs to be taken as long as you are using a supported browser.
Once you have confirmed you are using a supported browser and version, login to confirm you can access the environment. Below is table listing the version of supported browsers and their support for TLS 1.2.
Browser / CompatibilityDesktop and mobile IE version 11 / Compatible by default
Microsoft Edge / Compatible by default
Firefox 27 and higher / Compatible by default
Google Chrome 38 and higher / Compatible by default
Mobile Safari versions 5 and higher / Compatible by default
Inbound API testing
During the first stages of the conversion, customers will be able to test that they are able to successfully connect using the new protocols. To perform this test, leverage the getZoneInfo() API call in the pre-release webservices URL ( This will help determine if any connection issues exist in your implementation.
What happens if I take no action?
If youtake noaction, your systemsmay be unable to connectto the Autotask Production or API environments after this change is implemented. Please follow up with your local IT team to ensure you take the appropriate actions.
Autotask Support is readily available to answer any additional questions you may have.
Please contact us at (518)720-3500, option 2 or email .
Thanks
Autotask Client Services Team