End of Support for TLS 1.0 and 1.1 on Meteor Cloud

To enhance your applications security, we would like to inform you that TLS versions 1.0 and 1.1 will no longer be supported on the Galaxy platform starting from 01/08/2023. As per the Internet Engineering Task Force (IETF), TLS 1.0 and 1.1 are now considered deprecated and vulnerable to security threats. Therefore, upgrading to version 1.2 or later is strongly recommended to ensure maximum security and regulatory compliance of your apps. By making this upgrade, your applications will be better protected against potential cyber attacks.

What is TLS?

TLS, or Transport Layer Security, is an encryption protocol like the padlock you see in the search bar when visiting a website. When it comes to web applications, TLS ensures that your apps are securely accessed between the client and your app.

Reason for change

TLS 1.0 and TLS 1.1 are very old standards having severe security vulnerabilities. Widely used web browsers like Chrome, Safari, Firefox and MS browsers have already started dropping support for TLS 1.0 and 1.1 since January 2020.

However, TLS 1.0 and TLS 1.1 have several known security vulnerabilities and are considered insecure for several reasons:

  1. Known security vulnerabilities: TLS 1.0 and TLS 1.1 have several known security vulnerabilities, such as the Padding Oracle Attack (POODLE) and the Protocol Downgrade Attack (BREACH), which can be exploited to compromise the security of communication and intercept sensitive data.

  2. Weak encryption: TLS 1.0 and TLS 1.1 use older and less secure encryption algorithms compared to the newer versions of TLS. For example, they use 128-bit key encryption algorithms, while TLS 1.2 and TLS 1.3 support stronger encryption keys of 256 bits.

  3. Lack of support for modern security features: TLS 1.0 and TLS 1.1 do not support various modern security features, such as Server Name Indication (SNI) and Advanced Encryption Standard-Galois/Counter Mode (AES-GCM), which improve security and performance of secure communication.

Actions required

To prevent any disruption in accessing your apps and in the Galaxy the set deadline (August 01, 2023), users should do the following.

  1. Users need to upgrade their web browser to one of its latest stable versions that support TLS 1.2. IE11+, Edge 12+, Chrome 29+, Firefox 27+, Safari 7+ have support.
  2. Access your app in Galaxy, go to Settings > Security and set TLS to Minimum 1.2, then go to your app and see if everything is ok.

See the image below:

Desktop and laptop operating systems that might be affected:

  • Windows XP
  • Windows Vista
  • OS X 10.2
  • OS X 10.3
  • OS X 10.4
  • OS X 10.5
  • OS X 10.6
  • OS X 10.7
  • OS X 10.8
  • Linux system lower than the year 2014

Tablet and mobile device operating systems that might be affected:

  • Android 1
  • Android 2
  • Android 3
  • Android 4
  • iOS 1
  • iOS 2
  • iOS 3
  • iOS 4