The information in this post is primarily for administrators of YouTrack InCloud instances. We want to let you know that we’re about to introduce some changes that will come into effect on March 1, 2020. In the meantime, we recommend checking your users’ browser versions and the settings of your REST API integrations.
Transport Layer Security (TLS) is a critical security protocol used by YouTrack InCloud to protect web traffic. It ensures the integrity and confidentiality of data that’s in transit between the YouTrack server and your web browser, so any integration solution that relies on YouTrack REST API also benefits from it. To make sure your data is well protected in accordance with modern security standards, we are going to disable legacy TLS 1.0 and 1.1 protocol versions in favor of TLS 1.2 effective March 1, 2020. Doing so allows us to:
- Stop relying on insecure SHA-1 and MD5 hash functions for peer authentication.
- Be immune to many widely known transport-level security attacks, such as BEAST, LogJam, and FREAK.
- Apply modern cryptographic cipher suites and algorithms for encryption.
All major web browsers are ready for the upcoming change. IE 11, MS Edge 12+, Firefox 27+, Chrome 30+, and Safari 7+ all support TLS 1.2, so users of those browsers will hardly notice any difference. If your users still operate a web browser that does not support TLS 1.2 or newer, please encourage them to upgrade now.
Special care needs to be taken regarding REST API integrations. If you use these, please make sure they support TLS 1.2. The protocol has already been around for 12 years, so we expect all of today’s major software development stacks, platforms, and runtimes to support it out of the box. Still, we recommend checking everything in advance and taking the necessary precautions to avoid undesired interruptions in your day to day operations.
Should you have any questions or concerns regarding the upcoming change, please contact YouTrack Support. We’re always here to help.