Welcome to the new Box Support website. Check out all the details here on what’s changed.

Ensure your apps are TLS 1.2 compliant by May 13th, 2019 - All TLS 1.0 traffic will be blocked

New post

Comments

7 comments

  • MrClarify

    Thank you Jon. I just updated for all my clients.

    0
    Comment actions Permalink
  • Mike123456

    Hi 

     

    I have been following the instructions as outlined, and have used the server https://api-test.box.com/2.0/ as directed.

    I also have a WebDAV client currently in use that I would like to test as well.  I realize WebDAV is being deprecated as well, but we will still need to use it after Nov 12th.

    Can you please provide the WebDAV URL to connect to the test server?

     

    Thanks

    Mike

    0
    Comment actions Permalink
  • jcleblanc

    Hi ,

     

    For WebDAV you'll have to check with the client you're using on direct support, as per this guide. Updating that client to one that supports TLS 1.1+ should be sufficient. 

     

    Thanks,

    Jon

    0
    Comment actions Permalink
  • rockstheparty

    For 3rd party integrations using the box-ios-sdk, what (if anything) do we need to do to ensure we are compliant? There is no mention of it in the documentation here: https://developer.box.com/docs/tls-1

    0
    Comment actions Permalink
  • jcleblanc

    Hi ,

     

    I believe that iOS version 5.0 or later supports TLS 1.1/1.2 out of the box. As long as you're not on an old version there should be no changes that are needed with the iOS SDK.

     

    - Jon

    0
    Comment actions Permalink
  • iancrew

    As a Box Admin, is there any way for me to generate a report showing which non-TLS-1.2-compliant apps are being used to connect to our Box enterprise, and which users are using those apps?

     

    Thanks,

     

    Ian

    0
    Comment actions Permalink
  • jcleblanc

    Hi ,

     

    For the impacted apps, not directly within the admin reports, but there are a few options:

    1. We will be generating reports of the impacted apps and will send out regular comms to the developer, support, and admin contacts for those apps. The next report is slated for early January, and they will be on a regular monthly cadence after that. Once we get closer to the May 13th date those will increase in frequency.
    2. If you contact Box support they should be able to tell you which applications are sending non-compliant requests, if any.

    For the users, I believe you may be able to extract that through:

    1. The user activity report. Under the "Details" column you'll see entries such as "Service: ###". For app specific traffic that ### will be your app name, and the action / user that took the action will be in the "User" column.
    2. The platform activity report. This will be a bit more drawn out, but the "App Name" column will give you the name of the app, then the "Value" column will add in the user ID of a user if they took the action. Those user IDs can then be looked up for additional information via the Postman collection, CLI, or APIs

    Contacting Box support is also definitely a direct way of ascertaining that data. 

     

    Thanks,

    Jon 

    0
    Comment actions Permalink

Please sign in to leave a comment.