Ex Libris Higher Education Platform - deprecation of TLS 1.0 and TLS 1.1
- Product: Alma, Leganto, Esploro and Primo
On April 16, 2019, Ex Libris announced security changes that impact accessing and integrating with its Higher Education Platform: Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions.
To avoid security vulnerabilities and to align with industry standards, Ex Libris is removing its support for TLS 1.0 and 1.1. It will be done for Alma, Primo, Leganto and Esploro as part of the Ex Libris Higher Education Platform. This occurred in all sandbox environments in April 2019 and started on production environments in May 2019.
In order to avoid services disruption, it will be handled as an ongoing process. Ex Libris will monitor traffic as best as possible and notify upfront on any potential issues. Our goal is to complete the process by the end of 2019 giving the customers the opportunity to take action as needed.
What is TLS?
Transport Layer Security (TLS) is a cryptographic protocol that provides authentication and data encryption between different endpoints (for example, the user’s desktop and the application server) and secures HTTPS. To best safeguard this Web traffic, it is important to use the most current and secure versions of the TLS protocol.
What is the change?
TLS version 1.0 and 1.1 are relatively old and several vulnerabilities were found in these versions. As a result, the recommendation is to stop using these TLS versions and use the more updated version 1.2 that is more secure and does not include such vulnerabilities. As such, Ex Libris is removing support for TLS 1.0 and 1.1 and will support only TLS 1.2. The move to TLS 1.2 is in progress and will be completed for all web access by the end of 2019.
What does it mean for our customers?
The user using the newest web browsers will be able to continue and use the application, as today. Users with very old versions of web browsers will not be able to access the application. They should upgrade to a later web browsers version, which supports TLS 1.2.
Web pages or applications accessing the Ex Libris platform will keep working if they support TLS 1.2. For example, ILLiad (ILL system) hosted was upgraded to support TLS 1.2. When there are web pages or applications which do not support TLS 1.2 they will not be able to access until they support TLS 1.2.
Which actions Ex Libris is taking?
Ex Libris is monitoring traffic to identify common 3rd party products used by our customers. Ex Libris is proactively approaching vendors with hosted cloud-based systems that are commonly used by Ex Libris customers to ensure that there are no disruptions. For example, ILLiad (OCLC).
So far, Ex Libris has not identified additional potential products. For locally installed systems, you need to approach the specific vendor and ask for switching to support TLS 1.2.
Which actions a customer should take?
- Make sure all web browsers used by staff support TLS 1.2 (see below).
- Approach your IT department or other units which provide you with technical support for your systems.
We recommend you ask them about the below components making sure they support TLS 1.2:
- websites retrieving information from Ex Libris through a web access protocol
- Applications, or other systems that access Ex Libris application
- Systems our application accessing, such as discovery system using SRU protocol
- Alma webhooks
For further technical information please point them to the additional references.
Ex Libris is planning to continue with removing security vulnerabilities and to align with industry standards also for our APIs. We will deprecate TLS 1.0 and 1.1 also for API during. It is recommended, as part of your approaching technical support, to ask to identify potential APIs which needs to support TLS 1.2. We will provide additional instructions in the future.
Which web browser support TLS 1.2?
The following table lists the date by which common internet browsers support TLS 1.2:
Browser
|
Supported from
|
---|---|
Internet Explorer
|
Version 11 (October 2013)
|
Edge
|
Version 12 (July 2015)
|
Firefox
|
Version 27 (February 2014)
|
Chrome
|
Version 30 (August 2013)
|
Safari
|
Version 7 (October 2013)
|
To identify your browser, visit https://detectmybrowser.com/.
A comprehensive list of browsers that support TLS 1.2 can be found here: https://www.ssllabs.com/ssltest/clients.html
Additional References
You can find more technical details in the following article: Ex Libris Knowledge Center - Transport Security Layer (TLS) Support
For further assistance with issues that may accord please contact Ex Libris customer support.
- Article last edited: 03-Sep-2019