[apnic-talk] Security improvements to APNIC websites

To: mailman_APNIC-talk <apnic-talk@apnic.net>
Subject: [apnic-talk] Security improvements to APNIC websites
From: Jamie Gillespie <jamie@apnic.net>
Date: Mon, 6 Apr 2020 04:14:06 +0000
Accept-language: en-US
Authentication-results: apnic.net; dkim=none (message not signed) header.d=none; apnic.net; dmarc=none action=none header.from=apnic.net;
Delivered-to: apnic-talk@clove.apnic.net
List-archive: <http://mailman.apnic.net/mailing-lists/apnic-talk/>
List-help: <mailto:apnic-talk-request@lists.apnic.net?subject=help>
List-id: General discussions on APNIC <apnic-talk.lists.apnic.net>
List-post: <mailto:apnic-talk@lists.apnic.net>
List-subscribe: <https://mailman.apnic.net/mailman/listinfo/apnic-talk>, <mailto:apnic-talk-request@lists.apnic.net?subject=subscribe>
List-unsubscribe: <https://mailman.apnic.net/mailman/options/apnic-talk>, <mailto:apnic-talk-request@lists.apnic.net?subject=unsubscribe>
Thread-index: AdYLyTWkvV4SaF8bQp+lsZWP0DX7Fw==
Thread-topic: Security improvements to APNIC websites

________________________________________________________________________

Security improvements to APNIC websites
________________________________________________________________________


APNIC will be progressively rolling out changes to improve the security 
and privacy of all encrypted web services, starting on 6 May 2020 and 
finishing on 4 August 2020.  While users should not notice any 
difference when using a modern web browser, there may be some impact on 
programming interfaces and automation tools.

To ensure the security and privacy of our public visitors, Members and 
Member data, APNIC will stop support for TLSv1.0 and 1.1 on all 
encrypted services and websites.  This will begin on 6 May 2020 (30 days 
from this announcement) with the change to all web servers that are 
typically accessed by a web browser.  Examples of these sites include:

    - www.apnic.net
    - blog.apnic.net
    - academy.apnic.net
    - training.apnic.net
    - my.apnic.net
    - stats.apnic.net
    - resources.apnic.net

On 4 August 2020 (120 days from this announcement), all other servers 
that are typically accessed by application programming interfaces 
(APIs), scripting, and automation tools will be configured to only 
allow TLS 1.2, and 1.3 where possible. 
 
APNIC will continue to offer unencrypted access without TLS for some 
services such as whois (on port 43/tcp), and both encrypted and 
unencrypted access for some other services such as ftp.apnic.net, which 
is available via FTP, HTTP, and HTTPS; and RDAP which is available by
HTTP and HTTPS.  No unencrypted connections are being disabled at this 
time.
 
Read more here: https://blog.apnic.net/2020/04/06/security-improvements-to-apnic-websites/
 
________________________________________________________________________

Jamie Gillespie                                          jamie@apnic.net
Internet Security Specialist
APNIC                                              https://www.apnic.net
________________________________________________________________________