Box Developer Portal | Cloud Content Management APIs

TLS 1.0 Deprecation

Suggest Edits

TLS Deprecation Date Postponed

We have received a number of requests to extend the cutoff date of TLS 1.0 deprecation for Box platform applications in order to allow developers to fully upgrade environments to support TLS 1.2, with a preferred target of the current TLS 1.2 standard. We are extending the TLS 1.0 deprecation deadline for application traffic until May 13th, 2019. On May 13, 2019 at 8:00am PST, Box will start blocking all TLS 1.0 traffic coming from custom Box platform applications.

Overview

To keep your API communications with Box secure, Box will no longer provide support for products and services that rely on the Transport Layer Security (TLS) 1.0 encryption protocol as of June 25, 2018.

Please see here for the most up-to-date information.

General Testing Instructions

To confirm your application will work when we remove support for TLS 1.0, we created a new base url (https://api-test.box.com/2.0/) that you can test with any Box API endpoint to confirm your application supports TLS 1.2 or higher. This test endpoint will refuse any requests made with TLS 1.0.

If you make an API call to the test endpoint and get a connection refused error, then your environment needs to be upgraded to support TLS 1.2 or higher. If you make an API call to the test endpoint and you receive a successful response, then your environment supports TLS 1.2 or higher and no action is needed.

The only endpoint that will not work for testing with this test endpoint is the upload endpoint.

Testing & Upgrade Instructions by Language

.NET

Test

BoxConfig config = new BoxConfig(/* config parameters */);
config.BoxApiUri = new System.Uri("https://api-test.box.com/2.0/");

Upgrade

  • Upgrade to version 4.6 of the .NET framework. Alternatively, upgrade to 4.5 of the .NET framework, and include the line below in your application.
//Make sure this line is globally scoped in your application.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
  • If you are using the Box .NET or .NET Core SDK, upgrade to version 3.5.2 or above.

Java

Test

BoxAPIConnection api = new BoxAPIConnection(/* connection parameters */);
api.setBaseURL("https://api-test.box.com/2.0/");

Upgrade

  • Upgrade to version 1.8 or higher of the Java Runtime Environment.
  • Upgrade to Box Java SDK version 2.14.1 or higher.

Node

If you are using the official build of Node, you will not be affected.
Test

var BoxSDK = require('box-node-sdk');
var sdk = new BoxSDK({
    /* Other configuration parameters */
    apiRootURL: 'https://api-test.box.com'
});

Ruby

Upgrade
Upgrade to Ruby 2.0.0 or later and OpenSSL 1.0.1 or later.

Python

Upgrade

  • If you are using Python 2.7.9 and higher, it is compatible with TLS 1.2 or higher by default.
  • If you are using Python 2.7.8 and below, you will need to update to Python version 2.7.9 or higher.

Android

Upgrade
Upgrade to version 5.0 of the Android framework or higher (API level 20 or higher).