TLS 1.0 Deprecation

Overview

To keep your API communications with Box secure, we will remove support for TLS 1.0 on June 25th, 2018. You have to upgrade to TLS 1.1 or higher before that date.

General Testing Instructions

To confirm your application will work when we remove support for TLS 1.0, we created a new base url (https://api-test.box.com/2.0/) that you can test with any Box API endpoint to confirm your application supports TLS 1.1 or higher. This test endpoint will refuse any requests made with TLS 1.0.

If you make an API call to the test endpoint and get a connection refused error, then your environment needs to be upgraded to support TLS 1.1 or higher. If you make an API call to the test endpoint and you receive a successful response, then your environment supports TLS 1.1 or higher and no action is needed.

The only endpoint that will not work for testing with this test endpoint is the upload endpoint.

Testing & Upgrade Instructions by Language

.NET

Test

BoxConfig config = new BoxConfig(/* config parameters */);
config.BoxApiUri = new System.Uri("https://api-test.box.com/2.0/");

Upgrade

  • Upgrade to version 4.6 of the .NET framework. Alternatively, upgrade to 4.5 of the .NET framework, and include the line below in your application.
//Make sure this line is globally scoped in your application.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 
  • If you are using the Box .NET or .NET Core SDK, upgrade to version 3.5.2 or above.

Java

Test

BoxAPIConnection api = new BoxAPIConnection(/* connection parameters */);
api.setBaseURL("https://api-test.box.com/2.0/");

Upgrade

  • Upgrade to version 1.8 or higher of the Java Runtime Environment.
  • Upgrade to Box Java SDK version 2.14.1 or higher.

Node

If you are using the official build of Node, you will not be affected.
Test

var BoxSDK = require('box-node-sdk');
var sdk = new BoxSDK({
    /* Other configuration parameters */
    apiRootURL: 'https://api-test.box.com'
});

Ruby

Upgrade
Upgrade to Ruby 2.0.0 or later and OpenSSL 1.0.1 or later.

Python

Upgrade

  • If you are using Python 2.7.9 and higher, it is compatible with TLS 1.1 or higher by default.
  • If you are using Python 2.7.8 and below, you will need to update to Python version 2.7.9 or higher.

Android

Upgrade
Upgrade to version 5.0 of the Android framework or higher (API level 20 or higher).

TLS 1.0 Deprecation