FreshBooks
Call Toll Free 1-866-303-6061 Login | Pricing & Signup

Search


API Calls

Resources

We’re Disabling Weak SSL on January 4, 2010

by rich on September 29, 2009

On January 4, 2010, the first Monday of the new year, we will be disabling weak SSL protocols. This change affects both API and browser users.

The protocols we are disabling are:

  • SSLv2
  • Ciphers with keylengths less than 128 bits in SSLv3 or TLSv1

We are disabling these protocols to enhance the security of our users' financial data as it is passed over the Internet. SSLv2 has several published vulnerabilities and should not be considered secure, and keys shorter than 128 bits are no longer considered sufficiently resistant to compromise. The Wikipedia article on TLS and SSL contains some background information on the vulnerablities in these protocols.

Analyzing the last month's worth of traffic suggests that this will affect a very small number of users. We have contacted all affected integrations with whom we have existing relationships. We will continue to monitor our logs to look for any other SSLv2 or short keylength users whom we have missed.

Modern browsers (Firefox 2+; IE 7+; Safari) disable these weak protocols by default.

If you have any questions or comments on our plan to disable these weak SSL protocols, please let us know at .(JavaScript must be enabled to view this email address).

Comments

There are no comments on this post. Be the first to post one!

Add your own comment

Full Name *
Email Address *
URL
Comment *
Captcha*
Please enter the word you see in the image below

Last four posts in our forums
  • November 11, 2009 Eating our own dog food

    FreshBooks is now eating its own dog food.

  • October 23, 2009 API Updates: Project Staff, Custom Emails and payment.delete

    On Wednesday we released some pretty exciting updates to our API and wanted to make sure you were aware of them.

  • September 30, 2009 Staff API Access: No More Restrictions!

    Ever since its debut, the API has used a more restrictive set of permissions than the application. This made things a little simpler for us, but it didn't help our users or third-party add-on developers. It meant that certain third-party applications simply weren't as useful for customers who had multiple staff members sharing a single FreshBooks account. We've received many requests from developers to open up permissions in the API so that they more closely follow the permission settings in the application. You have been heard!

  • September 29, 2009 We’re Disabling Weak SSL on January 4, 2010

    On January 4, 2010, we will be disabling SSLv2 and ciphers with keys smaller than 128 bits.

Need additional help?

Call Us

North America
United Kingdom
Ireland
International

1-866-303-6061
0808-101-3408
1-800-949-046
+1 416-481-6946

Email Us

We love to help our customers! Send us an email through our online support request form any time you need help!

About FreshBooks

FreshBooks is an online invoicing and timetracking application. Find out more on our website.

Copyright 2009 FreshBooks. All Rights Reserved. Developer Blog RSS Feed