Re: [apnic-talk] Security improvements to APNIC websites

To: mailman_APNIC-talk <apnic-talk@apnic.net>
Subject: Re: [apnic-talk] Security improvements to APNIC websites
From: Jamie Gillespie <jamie@apnic.net>
Date: Fri, 10 Jul 2020 03:56:06 +0000
Accept-language: en-AU, en-US
Authentication-results: apnic.net; dkim=none (message not signed) header.d=none; apnic.net; dmarc=none action=none header.from=apnic.net;
Delivered-to: apnic-talk@clove.apnic.net
In-reply-to: <PSBPR04MB407164B2A19F45604617309BB4C20@PSBPR04MB4071.apcprd04.prod.outlook.com>
List-archive: <http://mailman.apnic.net/mailing-lists/apnic-talk/>
List-help: <mailto:apnic-talk-request@lists.apnic.net?subject=help>
List-id: General discussions on APNIC <apnic-talk.lists.apnic.net>
List-post: <mailto:apnic-talk@lists.apnic.net>
List-subscribe: <https://mailman.apnic.net/mailman/listinfo/apnic-talk>, <mailto:apnic-talk-request@lists.apnic.net?subject=subscribe>
List-unsubscribe: <https://mailman.apnic.net/mailman/options/apnic-talk>, <mailto:apnic-talk-request@lists.apnic.net?subject=unsubscribe>
References: <PSBPR04MB407164B2A19F45604617309BB4C20@PSBPR04MB4071.apcprd04.prod.outlook.com>
Thread-index: AdYLyTWkvV4SaF8bQp+lsZWP0DX7FxKoiqYg
Thread-topic: Security improvements to APNIC websites

Just a quick reminder that the remaining changes to TLS versions supported by APNIC will be implemented in just under 1 month from now, on 4 August 2020.   If anyone is using custom scripts, tools, or APIs to access APNIC services, we strongly recommend you test your client tools and libraries to make sure they support TLSv1.2 or higher.

The original notice is below, and full details with testing recommendations are at https://blog.apnic.net/2020/04/06/security-improvements-to-apnic-websites/

Jamie Gillespie
Internet Security Specialist, APNIC

-----Original Message-----
From: Jamie Gillespie 
Sent: Monday, 6 April 2020 2:14 PM
To: mailman_APNIC-talk <apnic-talk@apnic.net>
Subject: Security improvements to APNIC websites

________________________________________________________________________

Security improvements to APNIC websites
________________________________________________________________________


APNIC will be progressively rolling out changes to improve the security and privacy of all encrypted web services, starting on 6 May 2020 and finishing on 4 August 2020.  While users should not notice any difference when using a modern web browser, there may be some impact on programming interfaces and automation tools.

To ensure the security and privacy of our public visitors, Members and Member data, APNIC will stop support for TLSv1.0 and 1.1 on all encrypted services and websites.  This will begin on 6 May 2020 (30 days from this announcement) with the change to all web servers that are typically accessed by a web browser.  Examples of these sites include:

    - www.apnic.net
    - blog.apnic.net
    - academy.apnic.net
    - training.apnic.net
    - my.apnic.net
    - stats.apnic.net
    - resources.apnic.net

On 4 August 2020 (120 days from this announcement), all other servers that are typically accessed by application programming interfaces (APIs), scripting, and automation tools will be configured to only allow TLS 1.2, and 1.3 where possible. 
 
APNIC will continue to offer unencrypted access without TLS for some services such as whois (on port 43/tcp), and both encrypted and unencrypted access for some other services such as ftp.apnic.net, which is available via FTP, HTTP, and HTTPS; and RDAP which is available by HTTP and HTTPS.  No unencrypted connections are being disabled at this time.
 
Read more here: https://blog.apnic.net/2020/04/06/security-improvements-to-apnic-websites/
 
________________________________________________________________________

Jamie Gillespie                                          jamie@apnic.net
Internet Security Specialist
APNIC                                              https://www.apnic.net
________________________________________________________________________