Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Security Update - Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions – Updated April 16, 2019

    Subject: Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions – Updated April 16, 2019

    Overview

    Transport Layer Security (TLS) is a critical cryptographic protocol that provides authentication and data encryption between different endpoints (for example, the user’s desktop and the application server) and secures HTTPS. To best safeguard this Web traffic, it is important to use current and more secure versions of the TLS protocol. The legacy TLS 1.0 and 1.1 versions, which date back to 1999, account for a very small percentage of Web traffic today, and various vulnerabilities (such as POODLE and DROWN) have been found in these legacy versions in recent years. TLS 1.2 was published in 2008 to address weaknesses in TLS 1.0 and 1.1 and has enjoyed wide adoption since then.

    With the recent finalization of TLS 1.3 by the IETF in August 2018, Apple, Google, Microsoft, and Mozilla announced the end of support for TLS 1.0 and 1.1 in Chrome, Edge, IE, Firefox, and Safari. In line with these industry standards, Ex Libris will deprecate TLS 1.0 and TLS 1.1.

    This change - together with similar actions from Microsoft, Apple, Google, and Mozilla - support better performance, more secure connections, and helps advance a safer Web experience.

    We understand that the security of your data is important, and we are committed to transparency about changes that may affect your use of the TLS service.

    After Ex Libris deprecates TLS 1.0 and TLS 1.1, any inbound or outbound connections that rely on these protocols will fail. 

    Schedule of TLS 1.0 and TLS 1.1 Deprecation
    Product Effective Date
    campusM Completed
    Pivot Completed
    360 Completed
    Alma May 31, 2019
    Primo
    Leganto
    Summon
    Aleph
    Voyager
    Rosetta
    Research Professional June 30, 2019
    SFX July 31, 2019
    Ex Libris Websites August 31, 2019
    RefWorks October 31, 2019

    Affected Systems

    All systems and products that use SSL certificates are affected by this change.

    Required Configurations for Hosted Systems

    Ex Libris will deploy the required configuration to all Ex Libris cloud servers.

    Required Configurations for On-Premise/Local Systems

    Ex Libris recommends that customers with on-premise/local systems follow their server vendor’s instructions and disable TLS 1.0 and TLS 1.1.

    For customers using load balancer, follow your vendor’s instructions.

    For customers using Apache SSL configuration, see Ex Libris best practice for TLS configuration in Apache.