Important re dropping TLS 1.0 support (Reminder: Changes to Whois-RWS and RDAP Scheduled for 12 February 2020)

Sat Dec 14 03:46:50 UTC 2019

For people running public facing httpd, it is also worth noting that the
population of old browser useragents that don't understand TLS1.2 is under
half of one percent.

There's very little risk or impact these days to only accepting TLS1.2 in
Apache2 or nginx configuration everywhere.

On Fri, Dec 13, 2019 at 11:17 AM John Curran <jcurran at arin.net> wrote:

> NANOG Folks -
>
> If you are using programmatic interfaces over TLS 1.0 to access
> ARIN Whois-RWS or ARIN RDAP services, please pay particular attention to
> this announcement.
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
>
> Begin forwarded message:
>
> *From: *ARIN <info at arin.net>
> *Subject: **[arin-announce] Reminder: Changes to Whois-RWS and RDAP
> Scheduled for 12 February 2020*
> *Date: *13 December 2019 at 12:28:44 PM CST
> *To: *<arin-announce at arin.net>
>
> As we originally announced on 15 October 2019, there will be a change made
> to ARIN’s Whois-RWS and RDAP services on 12 February 2020. This change may
> impact the way you interface programmatically with ARIN to query and
> retrieve information from these services.
>
> ARIN will no longer be supporting TLS 1.0 for Whois-RWS and RDAP services.
> There are well-known security issues with this protocol. We will continue
> to support TLS 1.1 and 1.2. Please make sure your client implementation
> will support TLS 1.1 or 1.2. Read
> https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
> for further details.
>
> Because these changes will be implemented in about 60 days, we recommend
> that you review your clients that interface with the Whois-RWS and RDAP
> services, and make any required configuration or code changes in advance of
> this change. Both TLS 1.1 and TLS 1.2 are available now. We encourage you
> to make these changes so you will have no operational impact when we
> disable the vulnerable transport protocols.
>
> So that you can plan your upgrades accordingly, we would also like to
> inform you of future planned events for this service. We will be adding TLS
> 1.3 support to Whois-RWS and RDAP in the near future. We also anticipate
> announcing end-of-service support for TLS 1.1, with another corresponding
> 120-day warning notice.
>
> Regards,
>
> Mark Kosters
> Chief Technology Officer
>
> American Registry for Internet Numbers (ARIN)
>
> _______________________________________________
> ARIN-Announce
> You are receiving this message because you are subscribed to
> the ARIN Announce Mailing List (ARIN-announce at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-announce
> Please contact info at arin.net if you experience any issues.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191213/800fc12f/attachment.html>