We know that strategic plans and roadmaps are important to every business, and we take protecting them seriously. After all, our own business and product plans are hosted with Aha! as well. This is why every Aha! plan includes secure network communications over HTTPS and data encryption at rest.
On December 31, 2017, we will upgrade the protocols used to secure all external connections made to our application by enforcing Transport Layer Security (TLS) 1.2 and disabling TLS 1.0/1.1. A small number of users and accounts will be required to take action to ensure continued access to Aha!
This security upgrade to TLS 1.2 follows industry best practices, and other leading SaaS companies like Salesforce, PayPal, and Recurly have recently done the same.
What is it?
Transport Layer Security (TLS) is a protocol used to transfer encrypted data over a network securely. We will no longer be supporting the older TLS 1.0/1.1 protocols in order to maintain the highest security standards and ensure that all customer data is kept safe.
It is important for customers who will be affected to make the changes necessary before December 31, 2017, so they will be able to experience uninterrupted access to Aha! or its integrations.
How to prepare for these updates
This update will impact a small number of users and accounts. Specifically, this may impact users of older:
- On-premise integrations (JIRA and TFS)
- Web browsers
- Aha! API development frameworks
Please read the details below to determine whether your account will be affected, and review the suggested steps to ensure continued access.
Required Integration updates
The majority of Aha! integrations already support TLS 1.2 and do not require any updates. However, if you are using an on-premise integration, please validate that your servers are able to use TLS 1.2 endpoints.
The integration updates apply to connections received by Aha! for API calls or web hooks. Outbound connections from Aha! to customer servers for integrations will negotiate TLS protocols and ciphers based on your server settings. You are advised to disable TLS 1.0 at a minimum to secure your environment and data.
Aha! strongly recommends using Java 8 for JIRA on-premise installations, which requires JIRA version 6.3 and above. If you are unable to upgrade to Java 8, you will need to ensure that the Java 7 environment that is used to run JIRA is configured with runtime flags specified here.
- On-premise JIRA 6.4 or earlier running on Java 7 must upgrade to Java 8 or make JVM configuration changes
- On-premise JIRA 5.2 or greater must run at least Java 7 with JVM configuration changes
Additional specifications for on-premise JIRA updates needed in preparation for this update can be reviewed here.
Installation of TFS, the underlying .NET version(s), and Windows Server must all support TLS 1.2 endpoints. Some versions may require additional registry settings. TFS 2015 and above running on Windows Server 2012 and above should not require any changes.
Additional specifications for on-premise TFS updates needed in preparation for this update can be reviewed here.
Required browser updates
As indicated in our supported browser documentation, we recommend the following browsers: IE11, Microsoft Edge, Safari 9+ and the current versions of Firefox and Chrome.
However, after TLS 1.0 is disabled, IE10 and Safari 6, 7 and 8 will no longer be able to connect to Aha!, and users of these browsers should upgrade.
Required API framework updates
API callers must support TLS 1.2 connections. TLS 1.2 support is common in software released in the last five years. Ruby, Python, .NET, and other languages use OpenSSL or another TLS library, either from the underlying system or installed with the binaries. In these cases, it is important to check the version of OpenSSL or other TLS library on your system to ensure TLS 1.2 is supported.
Additional specifications for updates needed around API frameworks can be reviewed here.
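One way to run the TLS library check described above from a Python API client, as an added example that is not Aha! code. The function names and sample banners are constructed for illustration; the 1.0.1 threshold is the OpenSSL release line that introduced TLS 1.2, and the host passed to `negotiated_protocol` is whatever API endpoint your integration calls.

```python
import re
import socket
import ssl

# TLS 1.2 first shipped in OpenSSL 1.0.1; older release lines cannot negotiate it.
MIN_OPENSSL = (1, 0, 1)

# Constructed sample banners, in the format printed by `openssl version`.
SAMPLE_BANNERS = [
    "OpenSSL 0.9.8zh 3 Dec 2015",
    "OpenSSL 1.0.0t 3 Dec 2015",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.1.1w  11 Sep 2023",
    "LibreSSL 2.8.3",
]

def tls_library_supports_tls12(banner):
    """Return True/False from a version banner, or None if it is not recognised."""
    m = re.match(r"(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return None
    if m.group(1) == "LibreSSL":
        return True  # LibreSSL was forked from OpenSSL 1.0.1g
    return tuple(int(x) for x in m.group(2, 3, 4)) >= MIN_OPENSSL

def runtime_report():
    """Capabilities of the TLS library this interpreter is linked against."""
    return {
        "library": ssl.OPENSSL_VERSION,
        "banner_ok": tls_library_supports_tls12(ssl.OPENSSL_VERSION),
        "has_tls12": ssl.HAS_TLSv1_2,
    }

def tls12_only_context():
    """Client context that refuses TLS 1.0/1.1, matching the server-side policy."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def negotiated_protocol(host, port=443, timeout=10):
    """Handshake with an API endpoint and return the agreed version, e.g. 'TLSv1.2'."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with tls12_only_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

if __name__ == "__main__":
    print(runtime_report())
    for banner in SAMPLE_BANNERS:
        print(banner, "->", tls_library_supports_tls12(banner))
```

If `negotiated_protocol` raises `ssl.SSLError` against an endpoint that only accepts TLS 1.2, the client's TLS library or runtime configuration is the part that needs upgrading.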
Our Customer Success team (all former product managers) is here to help. If you have any questions about this upcoming change and whether or not you will be affected, please email us at firstname.lastname@example.org.