Security Enhancements: Retiring TLS 1.0, Forcing TLS

As part of our continuous efforts to improve the security of our platform, we will be upgrading our TLS policies.

First, as of September 6st 2017, TLS 1.0 connections will no longer be accepted by our APIs (Pub/Sub and HTTP). This means clients will ideally have to support TLS 1.2 (although TLS 1.1 will be supported for another few month). We do not expect this to have a big impact as we have seen fairly low traffic of TLS 1.0 requests over the past few months.

Second, as of September 18th 2017, TLS will be enforced for all connections. This means that clients will have to use MQTTS, HTTPS and WSS to connect to our platform. We recognise this might have some impact on older embedded devices but we believe this is the right price to pay for a safer IoT. If does impact your project please talk to us and we'll be happy to support you transitioning.