Re: [apnic-talk] Security improvements to APNIC websites
Just a quick reminder that the remaining changes to TLS versions supported by APNIC will be implemented in just under 1 month from now, on 4 August 2020. If anyone is using custom scripts, tools, or APIs to access APNIC services, we strongly recommend you test your client tools and libraries to make sure they support TLSv1.2 or higher.
The original notice is below, and full details with testing recommendations are at https://blog.apnic.net/2020/04/06/security-improvements-to-apnic-websites/
Jamie Gillespie
Internet Security Specialist, APNIC
-----Original Message-----
From: Jamie Gillespie
Sent: Monday, 6 April 2020 2:14 PM
To: mailman_APNIC-talk <apnic-talk@apnic.net>
Subject: Security improvements to APNIC websites
________________________________________________________________________
Security improvements to APNIC websites
________________________________________________________________________
APNIC will be progressively rolling out changes to improve the security and privacy of all encrypted web services, starting on 6 May 2020 and finishing on 4 August 2020. While users should not notice any difference when using a modern web browser, there may be some impact on programming interfaces and automation tools.
To ensure the security and privacy of our public visitors, Members and Member data, APNIC will stop support for TLSv1.0 and 1.1 on all encrypted services and websites. This will begin on 6 May 2020 (30 days from this announcement) with the change to all web servers that are typically accessed by a web browser. Examples of these sites include:
- www.apnic.net
- blog.apnic.net
- academy.apnic.net
- training.apnic.net
- my.apnic.net
- stats.apnic.net
- resources.apnic.net
On 4 August 2020 (120 days from this announcement), all other servers that are typically accessed by application programming interfaces (APIs), scripting, and automation tools will be configured to only allow TLS 1.2, and 1.3 where possible.
APNIC will continue to offer unencrypted access without TLS for some services such as whois (on port 43/tcp), and both encrypted and unencrypted access for some other services such as ftp.apnic.net, which is available via FTP, HTTP, and HTTPS; and RDAP which is available by HTTP and HTTPS. No unencrypted connections are being disabled at this time.
Read more here: https://blog.apnic.net/2020/04/06/security-improvements-to-apnic-websites/
________________________________________________________________________
Jamie Gillespie jamie@apnic.net
Internet Security Specialist
APNIC https://www.apnic.net
________________________________________________________________________