Cisco Spark Disabling TLS 1.0

brbender

Thursday, February 8th 2018

Update: This change will now be implemented beginning March 17, 2018 03:30 UTC.

 

The Cisco Spark platform will require API clients to use TLS 1.1 or higher beginning March 17, 2018 UTC. The TLS 1.0 encryption protocol will be disabled on all endpoints to align with industry best practices for transport security. Additionally, the Cisco Spark API will require the use of clients which support the Server Name Indication (SNI) extension to TLS/SSL.

 

Our internal telemetry of API connections indicates that very few apps are using TLS 1.0. To prevent any service disruption after March 2 between your apps and Cisco Spark, ensure that your app’s server operating system, libraries, and frameworks support at least TLS 1.1 and the SNI extension. Consult the documentation for your app’s libraries and frameworks to ensure that they support TLS 1.1.

 

The following minimum versions of common libraries and tools support the SNI extension:

  • Java 1.7
  • PHP 5.3
  • Python 2.7.9, Python 3
  • Ruby (net/http) 2.0
  • cURL 7.18.1
  • wget 1.14

 

If you have any questions about this change, our Cisco Spark DevSupport Team is available 24/7 to help. Please contact them with your question or concern.

 

Brian Bender, Technical Leader