Ex Libris Higher Education Platform API - deprecation of TLS 1.0 and TLS 1.1
- Product: Alma, Primo, Leganto, Esploro and Rapido
Ex Libris announced security changes that impact accessing and integrating with its Higher Education Platform API: Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions.
To avoid security vulnerabilities and to align with industry standards, Ex Libris is removing its support for TLS 1.0 and 1.1. It will be done for Alma, Primo, Leganto, Esploro, and Rapido as part of the Ex Libris Higher Education Platform. Ex Libris already contacted specific customers, which many of them started the upgrade process and now we are notifying the entire community. In order to avoid services disruption, it will be done gradually region by region. Ex Libris will monitor traffic as best as possible and notify you upfront on any potential issues. API traffic blocking will start by October 2021 and we aim to complete the process by May 2022 giving the customers the opportunity to take action as needed.
What is TLS?
Transport Layer Security (TLS) is a cryptographic protocol that provides authentication and data encryption between different endpoints (for example, the user’s desktop and the application server) and secures HTTPS. To best safeguard this Web traffic, it is important to use the most current and secure versions of the TLS protocol.
What is the change?
TLS version 1.0 and 1.1 are relatively old and several vulnerabilities were found in these versions. As a result, the recommendation is to stop using these TLS versions and use the more updated version 1.2 that is more secure and does not include such vulnerabilities. As such, Ex Libris is removing support for TLS 1.0 and 1.1 and will support only TLS 1.2.
What does it mean for our customers?
Customers with systems or applications using Ex Libris API supporting TLS 1.2 will fully function. Systems or applications which use either TLS 1.0 or 1.1 with Ex Libris API will not be able to have either in-going or outgoing transactions since they will be blocked by Ex Libris. These systems or applications will need to be upgraded by the customer and support TLS 1.2 in order to continue and operate fully.
Which actions Ex Libris is taking?
Ex Libris will block TLS 1.0 and 1.1 traffic for its API according to the following timeline:
-
Canada – October 17, 2021 - Done
-
APAC – February 20, 2022
-
Europe – March 10, 2022
-
America – May 15, 2022
Ex Libris is also monitoring traffic to identify common 3rd party products, systems and applications used by our customers. Ex Libris is proactively approaching vendors with hosted cloud-based systems that are commonly used by Ex Libris customers to ensure that there are no disruptions. For locally installed systems, you need to approach the specific vendor and ask for an upgrade in order to support TLS 1.2.
Which actions a customer should take?
-
Make sure all systems and applications using Ex Libris API support TLS 1.2.
-
Approach your IT department or other units which provide you with technical support for your systems.
- Applications, or other systems that access Ex Libris application
- Systems our application accessing, such as discovery system using SRU protocol
- Alma webhooks
How to test your systems and applications?
In preparation for the TLS 1.0 and 1.1 deprecation, you will need to confirm all your active APIs are using TLS 1.2 or upgrade them.
For that, we have established several testing gateways in Ex Libris Cloud that accept only TLS 1.2 while blocking other versions.
To test it, please send your API calls to the below URLs:
These URL's point to your production environment, so we suggest using only GET API calls for the testing. The 3rd party system should be used for testing and not the Ex Libris development network API console
NA: api-na-tlstest.hosted.exlibrisgroup.com
EU: api-eu-tlstest.hosted.exlibrisgroup.com
APAC: api-ap-tlstest.hosted.exlibrisgroup.com
CA: api-ca-tlstest.hosted.exlibrisgroup.com
If your calls are blocked and you get no reply, while the same API calls works via the regular API URL, it means that you send
transactions using a different version from TLS 1.2. In that case please work with your IT department/3rd party vendor to upgrade the API's TLS version.
TLS 1.3 will be supported in the future. Currently, we support only TLS 1.2
You can find more technical details in the following article: Ex Libris Knowledge Center - Transport Security Layer (TLS) Support
For further assistance with issues that may accord please contact Ex Libris customer support.
- Article last edited: 03-Sep-2019