Effective from 08 March 2018 (Deadline extended from 30 January 2017 to allow customers to upgrade Freshservice Discovery tools), Freshservice will be moving away from the TLS 1.0 version and will disable the encryption protocol across all its services. The deprecation will have effects on all Freshservice customers currently using TLS 1.0, and it is advised that you check if you're going to be affected. This solution article will walk you through steps on how you can check if this change affects your business.
Described below are the compatibilities across Desktop Browsers and Mobile Operating Systems.
1. Internet Explorer: Desktop versions of IE 8,9 and 10 are TLS compatible if you are running Windows 7 or higher, but not by default. Future versions of Internet Explorer are compatible by default. Achieve compatibility by following the guide here.
2. Mozilla Firefox: Versions 23 through 26 are compatible, but not by default. Use about:config to enable TLS 1.1 or TLS 1.2 by updating the security.tls.version.max config value to 2 for TLS 1.1, or 3 for TLS 1.2. All future versions of Mozilla Firefox are TLS 1.0+ compatible by default.
3. Google Chrome: All versions of Google Chrome above version 38 are compatible by default.
4. Safari: Desktop Safari versions 7 and higher for OS X 10.9 (Mavericks) and higher are, compatible with TLS 1.1 and higher, by default.
Verify your browser compatibility
To verify compatibility for TLS 1.1/TLS 1.2 for your browser, go to https://tlstest.freshservice.com/ and if you are able to view a web page shown below with the message TLS1.1/TLS1.2 Upgrade Test Passed, then your browser is compatible with Freshservice. Internet Explorer users can achieve compatibility by following the guide here.
Devices running Android OS versions lower than 4.1 won't be compatible with TLS versions higher than 1.0. Therefore, the Freshservice Android app will stop working on devices running these versions of the operating system. Users are advised to upgrade their operating systems to continue using the app.
Devices running Android 4.1 to 4.4 need to be on version 3.5 or higher of the Android app to continue using Freshservice. Users running Android versions 5.0 or higher will not face any issues and can continue using the existing version of the app installed on their device or upgrade to version 3.5 of the app.
The iOS app will continue to work seamlessly on compatible iOS versions (iOS 8 and above).
Once you have ensured that your Browser/OS will not be affected by the eventual deprecation of TLS, you can follow the steps below to run a compatibility test on your Integrations/API clients (if applicable).
Discovery Probe and Agent
If you are using Discovery probe versions lower than v2.3.0 or Windows Discovery agent versions lower than v2.4.0, you have to upgrade your Discovery tools to ensure your Probe and Agent will continue to sync with Freshservice after the TLS 1.0 disablement. If you're using lower versions of the Discovery probe and agent, you won't able to connect to Freshservice.
To download the latest version of Discovery probe/Agent, head to Admin > Discovery.
Set up an API client in a test environment. This could be any software that you are using to integrate to Freshservice or any custom integration code that you have written.
In that test environment, change the API client's endpoint hostname from yourdomain.freshservice.com to tlstest.freshservice.com.
If you see a '200 OK' message, then this test passed. This response means that the underlying TLS connection was successful.
If you instead see an error message that involves TLS or https, then the test has failed. Your API client will require adjustments or upgrades. Please check with your client's documentation on how to upgrade to TLS 1.1 or TLS 1.2 support.
Example using cURL
This is how the output would look when connected from cURL.
(The following test cases were run on cURL version 7.50.0)
curl -v -XGET https://tlstest.freshservice.com/helpdesk/tickets.json --tlsv1.0
* Server aborted the SSL handshake
* Closing connection 0
curl: (35) Server aborted the SSL handshake
curl -v -XGET https://tlstest.freshservice.com/helpdesk/tickets.json --tlsv1.1
HTTP/1.1 200 OK
* Connection #0 to host tlstest.freshservice.com left intact
If you've got any additional queries, just drop a mail to firstname.lastname@example.org