What is TLS?
The transport layer, as detailed in the OSI reference model, controls network traffic between hosts and applications, and ensures end-to-end communication services for applications. Transport Layer Security or TLS evolved from a previous encryption protocol called Secure Sockets Layer (SSL). TLS is a security protocol for communications over the network that is applicable to the transport layer, providing the following core benefits:
- Authentication
- Data integrity
- Encryption
TLS essentially encrypts all communication sent over web browsers to ensure that the information being sent is not viewed or altered by a third party. In a web browser, you will typically see a padlock icon, which indicates that the website you’re visiting is using TLS to establish an encrypted connection.
While TLS is commonly used for web traffic, it is also employed for other applications such as e-mail, file transfers, instant messaging and VoIP, but it is not mandated for these.
For more information, see:
- Internet Society - TLS Basics
- Microsoft – TLS Protocol Overview
Benefits of TLS
TLS encrypts the data being sent over the network at one end and decrypts it at the receiver’s end. This ensures that sensitive data, such as passwords or credit card details, is encrypted with secure algorithms and cannot be viewed or altered by third parties. The data transmitted remains private and unaltered, maintaining data integrity.
Today, all web browsers support TLS and its use is mandated by all web browsers for secure browsing. Without TLS, sensitive information such as logins, credit card details and personal details can be intercepted. In addition, other data like browsing history, e-mail correspondence and online chats could be compromised.
To learn more about the technical details of how TLS works, see https://www.internetsociety.org/deploy360/tls/basics/.
What is Nearmap doing?
On April 2nd 2025, we will be making a change to our services to require all API requests to use, as a minimum, TLS 1.2. While our current services already support TLS 1.2, this change will enforce the use of TLS 1.2 as the minimum supported version.
We are making this change to enhance the minimum security of our customer API requests. This change will also prevent connectivity issues and improve performance, while also meeting our regulatory requirements.
Why do you need to upgrade to TLS 1.2?
In a nutshell, TLS 1.2 is the most secure and is supported by the majority of web browsers. Why continue using older versions of TLS (1.0 or 1.1) when TLS 1.2 offers enhanced security, better performance, and improved reliability? The upgrade to TLS 1.2 is essential to ensure data integrity across your applications. As TLS 1.0 and 1.1 are deprecated, moving to TLS 1.2 ensures that your communication is secure.
In recent years, serious security threats have impacted both small businesses and large organizations alike. Not upgrading to TLS 1.2 could expose your data, leading to potential breaches that can damage your organization's reputation and operational trust.
Ensuring API Requests Use TLS 1.2
To control API requests and ensure compliance with TLS 1.2, you can:
- Configure Protocol Versions: Set the protocol explicitly to TLS 1.2 in your application settings or code. Disable older versions like TLS 1.0 and TLS 1.1 on your servers to ensure that only secure versions (TLS 1.2 or higher) are accepted. This can be configured in your web server or application’s SSL/TLS settings.
- Validate Server Certificates: Ensure that the server's TLS certificate is valid and trusted. Reject requests where the certificate is invalid or expired.
- Test API Requests with TLS 1.2: Use tools like curl to test and ensure that your server enforces TLS 1.2 when responding to requests.
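The checklist above from the API client's side, using Python's standard `ssl` module: a context with a TLS 1.2 floor and certificate checks, an audit of an existing context, and a handshake probe. This is an added example, not Nearmap code; the function names are hypothetical, and `negotiated_version` needs network access and a host you supply.

```python
import socket
import ssl

ACCEPTABLE_MINIMUMS = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def make_client_context() -> ssl.SSLContext:
    """Client context: TLS 1.2 floor, certificate and hostname checks on."""
    ctx = ssl.create_default_context()  # system trust store, CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0 and 1.1
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return one finding per setting that breaks the checklist above."""
    findings = []
    if ctx.minimum_version not in ACCEPTABLE_MINIMUMS:
        findings.append(
            f"minimum_version is {ctx.minimum_version.name}, not TLS 1.2 or higher")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification is not required")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


def negotiated_version(host: str, port: int = 443, timeout: float = 10.0) -> str:
    """Handshake with host and return the agreed version, e.g. 'TLSv1.2'.

    Raises ssl.SSLError if the two sides share no version at or above
    TLS 1.2, and ssl.SSLCertVerificationError if the certificate is
    invalid or expired.
    """
    ctx = make_client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    # Constructed weak context, to show what the audit reports.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    weak.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    weak.check_hostname = False
    weak.verify_mode = ssl.CERT_NONE
    print(audit_context(weak))
    print(audit_context(make_client_context()))
```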