Transport Layer Security (TLS) is the most widely deployed security protocol used today for Web browsers and other applications that require data to be securely exchanged over a network.
You passively use it whenever you open a browser.
Because Adobe Sign is a web-based service, you engage with it through secured network connections. Those connections are secured by TLS.
As new browsers and operating systems are released, new security standards are added. However older release versions of a browser or OS will not be updated to include the newer standards.
As the acceptable level of security rises, these older, less secure applications must be left behind. That means you have to update your OS and browser versions so that secure sites can safely allow you to connect to them.
Adobe has security compliance standards that require the end of life of older protocols and is mandating the use of TLS 1.2 in order to have the most up-to-date and secure version in use.
As a result, by April 9th 2018, if your system is not TLS 1.2 compliant, your system will not be allowed to make a connection to the Adobe Sign service.
You must move to TLS 1.2 by the second week of April 2018 or you will lose access to Adobe Sign service. For clients running web browsers: Use a supported browser. For a list of Adobe Sign supported browsers, read the system requirements.
Operating system support for TLS 1.2 requires:
- Windows server: use Windows Server 2008 R2 or later
- Windows desktop: use Windows 8 or later
- OS X: use OS X 10.8 or later
Application framework support for TLS 1.2:
- For Java: use Java 8 or later. Java 7 may be used but requires TLSv1.2 to be explicitly enabled by the application
- For .NET: use .NET 4.6 or later. .NET 4.5 may be used but requires TLSv1.2 to be explicitly enabled by the application. .NET depends on TLS 1.2 support by Windows (see above)
- For applications using OpenSSL: use OpenSSL 1.01 or later
Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. It's the most widely deployed security protocol used today, and is used for Web browsers and other applications that require data to be securely exchanged over a network.
According to the protocol specification, TLS is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The Record Protocol provides connection security, while the Handshake Protocol allows the server and client to authenticate each other and to negotiate encryption algorithms and cryptographic keys before any data is exchanged.
There have been documented attacks against TLS 1.0 using an older encryption method and the older versions are more vulnerable than the newest TLS 1.2.
There is a wealth of information here.
Adobe has security compliance standards that require the EOL of older protocols. One of these is compliance with the Payment Card Industry (PCI). PCI DSS is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
PCI compliance mandates the use of TLS 1.1 or higher by Spring 2018.
Adobe Sign has very low traffic on TLS 1.1 with ~80% using TLS 1.2 and ~20% using 1.0.
Rather than wait for another EOL that addresses 1.1 Adobe would like to mandate a move to 1.2 now so that the most secure version is in use.
Adobe would like to encourage all users to abandon the older versions as quickly as possible to avoid further exposure to vulnerabilities.
The latest that an Adobe Sign customer should expect to be able to use one of these older versions is April 8th 2018.
For more information please contact Adobe Sign support or your customer success manager.
Signers connect to Adobe Sign through the same SSL protocols as Senders. Any Signer that connects to Adobe will experience the browser error conditions mentioned below.
This depends on the browser that you are using. All of the browsers in the minimum system requirements list for Adobe Sign are configured to use TLS 1.2. If you are not on one of these browsers you should update your browser. You can find a list of the browsers supported by Adobe Sign here:
Error messages generated by the SSL communications layer are not controlled by Adobe Sign. They are generated by the browser prior to connecting to Adobe Sign. Here are some examples of errors that may be encountered:
IE 8 on Windows 7: