August 3, 2017 | Nimisha Shrivastava

Upgrading your apps to support TLS 1.2

What’s happening?

We recently announced that QuickBooks Online apps will be required to upgrade to TLS 1.1 or above by July 31, 2017 to align with industry best practices for security and data integrity.

As of December 31, 2017, the required version will be TLS 1.2 or higher.

Steps for upgrading to TLS 1.2 vary for different coding languages. See details below for the three languages for which we offer SDKs: PHP, Java and .NET.

PHP:

Are you using the PHP SDK?

  • Yes: No action required. The PHP SDK is on PHP 5.7. It uses cURL for making API calls and supports cURL version 7.54.0, which has default support for TLS 1.3. Refer to the Appendix.
  • No: Verify that your PHP version supports cURL version 7.34.0 or newer:

    1. Use php -i to check for modules that your PHP has installed.
    2. Find the curl section. You will see something like:

       CURL
       cURL support => enabled
       cURL Information => 7.34.0

| PHP version | cURL version | Default TLS version |
|---|---|---|
| 5.6 | 7.34.0 | TLS 1.2 |
| 5.7 | 7.54.0 | TLS 1.3 |
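
The version check from the steps above as a script, added here as an example (it is not part of the original post or of Intuit's SDK): it reads php -i output, extracts the cURL version and compares it field by field against the 7.34.0 minimum. The function names and the sample php -i excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed.

# Print the version from the "cURL Information => ..." line of `php -i`
# output on stdin, skipping any non-numeric prefix before the number.
curl_version_from_phpinfo() {
    sed -n 's/^cURL Information => [^0-9]*\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Succeed when dotted version $1 >= $2. Fields are compared as numbers:
# a string compare would wrongly rank 7.9.8 above 7.34.0.
version_at_least() {
    awk -v have="$1" -v need="$2" 'BEGIN {
        n = split(have, h, "."); m = split(need, r, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            a = (i <= n) ? h[i] + 0 : 0
            b = (i <= m) ? r[i] + 0 : 0
            if (a != b) exit (a > b ? 0 : 1)
        }
        exit 0
    }'
}

# Read `php -i` output on stdin; print a verdict and set the exit status.
check_php_curl() {
    ver=$(curl_version_from_phpinfo)
    if [ -z "$ver" ]; then
        echo "no-curl"; return 2      # no "cURL Information" line found
    fi
    if version_at_least "$ver" 7.34.0; then
        echo "ok $ver"
    else
        echo "too-old $ver"; return 1
    fi
}

# Constructed excerpts of the curl section of `php -i` output.
SAMPLE_OLD='cURL support => enabled
cURL Information => 7.9.8'
SAMPLE_NEW='cURL support => enabled
cURL Information => 7.54.0'

# Real use:  php -i | check_php_curl
```

Run it with the same PHP binary that serves the application, since the command-line and web-server PHP builds can load different cURL libraries.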

JAVA:

Are you a Java developer?

  • Yes: Depending on the Java version of your application environment, you may or may not require changes to support TLS 1.2. Please see the table below for details.

See the Appendix for updating and troubleshooting instructions.

| Java version | TLS support | Action required |
|---|---|---|
| 8 | Available | No action required. |
| 7 | Available | Yes. You must explicitly enable TLS 1.2. |
| 6 | Available | Maybe. Java 6 supports TLS 1.2 in versions 6u115 b32 and above. If you are on a lower version, upgrade to a higher version and explicitly enable TLS 1.2. |
| 5 or earlier | No support | Yes. Upgrade to Java 6 or higher, preferably Java 8. |

.NET:

The current version of the .NET SDK (v3.2.1) uses .NET Framework 4.0. We are migrating the .NET SDK (.NET SDK for QuickBooks Online V3.2.1) to Framework 4.6.1 to proactively support TLS 1.2.

After the mid-August 2017 .NET SDK release, the SDK will only support Framework 4.6.1.

Are you using the .NET SDK?

  • Yes: If you are a .NET SDK developer, move your .NET application to Framework 4.6.1 and the latest SDK by Dec 31, 2017 to support TLS 1.2.
  • No: If you are not using the .NET SDK, move your .NET application to Framework 4.6.1 by Dec 31, 2017 to support TLS 1.2.

Refer to the Appendix.

| .NET Framework | Default TLS version supported | Timing |
|---|---|---|
| 4.0 | 1.1 | July 31, 2017 |
| 4.5 | 1.1 is default, can be set to 1.2 | July 31, 2017 |
| 4.6.1 | 1.2 | December 31, 2017 |

What do you need to do for your .NET application?

To minimize the impact to our .NET developer community, we have prepared a migration plan to .NET Framework 4.6.1.

To move your .NET application to framework 4.6.1:

  1. Open your project properties by right-clicking it.
  2. Change the Target Framework to 4.6.1 under the Application tab.
  • Upgrade your .NET SDK to the latest version by mid-August. See the release notes here.
    Use the NuGet Package Manager for this upgrade.
    Note: Any developer using the .NET OAuth 2.0 lib may already be using Framework 4.6.1, as this lib supports Framework 4.6.1, at a minimum.
  • Resolve any errors in your application that may arise from using the latest minor version.
    The minor version mechanism is designed to be backward-compatible, but any hard-coded API response mapping can cause errors in your code. For example, your app may have a database mapping for an old QuickBooks Online schema if you haven’t updated the .NET SDK in a long time, and might not support new fields in newer minor versions.
    Check the release notes and add support for the new fields in your code.
    Note: Minor versions provide support for additional new fields in the QuickBooks Online API schema. You can read more details about minor versions here. This table provides a mapping of all .NET SDK versions and the supported minor versions.

| .NET SDK version | Highest supported minor version |
|---|---|
| V3DotNetSDK2.0.1 | NA |
| V3DotNetSDK2.0.2 | NA |
| V3DotNetSDK2.0.4 | NA |
| V3DotNetSDK2.0.5 | NA |
| V3DotNetSDK2.1.0 | NA |
| V3DotNetSDK2.1.1 | NA |
| V3DotNetSDK2.2.0 | 1 |
| V3DotNetSDK2.3.0 | 2 |
| V3DotNetSDK2.4.0 | 3,4 |
| V3DotNetSDK2.5.0 | 5 |
| V3DotNetSDK2.6.0 | 6 |
| V3DotNetSDK2.7.0 | 7 |
| V3DotNetSDK2.8.0 | 8 |
| V3DotNetSDK2.9.0 | 8 |
| V3DotNetSDK3.0.0 | 9,10,11 |
| V3DotNetSDK3.1.0 | 9,10,11 |

Benefits of moving to the latest version:

  • Your .NET application will be ready to support TLS 1.2, a more secure communications method than earlier versions.
  • Your application will upgrade to the latest minor version of the QuickBooks Online API schema and can take advantage of the added features and fields of the API.
  • Any .NET applications that integrate with financial data alongside the QuickBooks Online APIs will get some lead time to meet the upcoming TLS 1.2 migration dates of the PCI security standards.

How to test whether your application connects to the TLS 1.2 URL successfully after the required changes:

  1. Make an HTTP call to this URL from your code: https://tlstest.intuit.com
     It should give you a ‘success’ response.

Or

  1. Make an HTTP call to this URL from your code: https://tlstest.intuit.com/1_2.json
     It should give you the following JSON response:

     {
       "status": 200,
       "message": "Success!"
     }

Summary of Dates:

  • Now: Update the .NET Framework to 4.6.1 and update to the latest .NET SDK version, which supports .NET Framework 4.6.1. Watch the Release notes for the exact date of next .NET SDK release.
  • December 31, 2017: Update the .NET SDK to the latest version, which supports .NET Framework 4.6.1.

Appendix-

PHP-

JAVA –

.Net-
