Desupporting TLS 1.0

UPDATES

As of July 31, 2018, TokBox services no longer support TLS 1.0. Most customers appear to have transitioned without incident but we are getting reports that customers using .NET 4.5 and TLS 1.2 are seeing the issues. We believe it is because TLS configuration is not being enforced. 

You can force TLS on by adding this configuration in your server set up:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

This forces the use of TLS1.2 for the .NET SDK.

Overview

Please use TLS 1.2 in any applications you develop to use the OpenTok platform. We are removing support for TLS 1.0 on July 31, 2018 and any application using that protocol will stop working at that time. 

PCI Security Standards Council published a helpful migration guide you may find useful: LINK. 

We intend to stop supporting TLS 1.1 at some time and will update this page when a date is determined. 

TokBox considerations

  • If you’re using any of the supported versions of following client SDKs, your application will not be affected:
    • JS SDK
    • iOS SDK
    • Android SDK
    • Windows SDK
  • Some server SDKs may have dependencies you should be aware of:
    • .NET SDK - servers running with .NET v4.0 need to upgrade their .NET version to the 4.5 .NET framework or a more recent version
    • Java SDK - Java 8 uses TLSv1.2 as default
      • You must use Java 1.7.0_131-b31 or higher for TLS 1.1 support. For more details on TLS, SSL, and HTTPs for Java, please see the following blog from the Java Platform Group.
      • Please use the latest OpenTok Java SDK as it uses async-http-client 2.x.x, which supports TLS 1.2. 
    • PHP SDK - PHP > 5.6 has TLSv1.2. Our PHP SDK only supports 5.6 and greater
  • If you use our REST APIs, you should be aware of the libraries you are using. 

Testing your application server environment

To check your server environment, make a REST call from your server to this URL: https://preview.opentok.com/tls-check.json

Please keep in mind that the URL mentioned above is not a real API endpoint as it only returns sample information.

If a connection is established with your current TLS configuration which is controlled by the server environment, no further action is required on your end. However, if your server fails to establish a connection with OpenTok, you will have to update your server environment as needed.

To make it simpler, we’ve created scripts that you can run on your production environment to verify successful connections:

Have more questions? Submit a request