New versions of Box Drive will no longer be compatible with outdated legacy security configurations
We’re taking considerable strides to make sure that Box Drive remains as secure as possible for our customers. As a result, in our next release of Box Drive (v2.38), we will no longer provide the ability for Box Drive to connect through TLS introspection proxies that use weak security settings, including TLS 1.0, TLS 1.1, and SHA1-signed certificates. Customers that operate content filtering proxies (TLS termination proxies) must ensure that their proxies support modern security best practices, which include support for TLS 1.2 or TLS 1.3 and certificates with 2048-bit (or higher) keys and SHA 256 (or higher) signatures by April 10th in order to ensure that Box Drive continues to work in their environment.
Potential compatibility issues with Trend Micro DLP solutions
We’ve also seen some evidence that Trend Micro endpoint protection solutions may block Box Drive network requests in v2.38 of the product. The most recent build of Box Drive v2.38, available be, is expected to resolve this incompatibility.
For customers who may be impacted by either point above, we recommend pre-validating this release before April 10th via the download links below and adjusting their environment accordingly. For customers that need further assistance, please contact Box Product Support and reference "2.38 validation".
-
Windows: https://e3.boxcdn.net/desktop/releases/win/BoxDrive-2.38.173.msi
-
Mac: https://e3.boxcdn.net/desktop/releases/mac/BoxDrive-2.38.173.pkg
On April 10th, we began a slow rollout of the release of v2.38.173 to non-Japanese customers