This article was last updated on July 10, 2017
Kintone will be requiring an upgrade to TLS 1.1 or higher by September 8th, 2017 in order to comply with industry best practices for security and data integrity. We will begin disabling TLS 1.0 on that date. Action on your part may be required prior to this date to prevent any disruption to your production instance. Additionally, to further improve data security and integrity, we will also eliminate the 3DES encryption suite.
This article contains the information currently published on Kintone’s disablement of the TLS 1.0 encryption protocol and migration to TLS 1.1 and above. This article will be updated if, and when, new information becomes available. Please return for support on preparing for TLS 1.0 disablement.
What is TLS?
TLS is short for “Transport Layer Security”, and is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely used security protocol currently, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS include TLS 1.0, 1.1 and 1.2.
What and when is the change?
Kintone is requiring an upgrade to TLS 1.1 or higher by September 8th, 2017. We will begin disabling the TLS 1.0 encryption protocol on that date. Clients still using TLS1.0 encryption will not be able to access their Kintone account and services.
Who is impacted?
When using Operating Systems and the Web Browsers that are supported by the current “kintone.com” operating environment, there is no impact because it supports TLS 1.1 or higher. Please see supported Web browsers here. Likewise, for 3DES, there is no effect when using it in the supported environment. Please note that smartphone environments below Android OS 4.4 and some older model feature phones do not support TLS 1.1 or higher and so may not be able to connect to Kintone after the update.
What to do? (Connecting via Desktop)
Please make sure that you do not use old OS or web browser versions which are not supported by Kintone.com’s operating environment. If you are now, please upgrade to a more recent version that is supported by Kintone’s operating environment prior to the end of support date.
If you are using Internet Explorer 11 (IE11) and you have changed security settings to specifically Disable all TLS1.1 and above, then you need to change and Enable all TLS 1.1 and above. To do this, click on Tools>>Internet Options>>Advanced Settings>>Security and then make sure to Checkbox TLS1.1 and TLS1.2.
What to do? (Connecting via Mobile)
Please have the OS of each device checked, and if any are found to be below Android OS 4.4, please upgrade the version.
What to do? (Connecting via programs developed by customer)
If you are using a program developed by you to connect to Kintone, please check the development environment of the program. If you are developing with the Kintone API SDK or older version of java or. NET, you may be connecting to kintone.com in TLS 1.0 format from that program. Applications developed with the kintone API SDK (β) for Java distributed on this site may be affected if you use Java version 7. Please take measures to update your program to be able to connect with TLS 1.1 or later prior to end of support date.
What to do? (Connecting via programs developed by partners)
If you are using a program developed by a partner for you, it is possible that the program may connect to kintone.com via TLS1.0 format, in which case the program would need to be updated in order for you to continue to connect after the end of support date. Please check with your partner to ensure compliance.
More reasons for upgrading past TLS1.0?
Yes. TLS 1.0 is now considered an old method of encryption technology, and several vulnerabilities have been found in it. PCI SSC, which is the international organization that defines the security standards for credit card payment systems, has downgraded TLS 1.0 and recommends activating TLS 1.1 or later and invalidating TLS 1.0 by June 30, 2018. Likewise, vulnerabilities within encryption suites such as 3DES have also been pointed out.
At Kintone, security measures are our highest priority and one of our most important tasks so that our clients can use the Kintone platform with confidence that their data is safe and secure and is maintained with the highest integrity. As such, we have decided to invalidate TLS 1.0 sooner rather than later, even though it may affect some customers’ usage. We appreciate your understanding on this.
If you have any questions about this matter, please contact us.