• IT@UC Knowledge Base

 Box at UC - TLS Application Support

 Information on TLS protocol support in the Box at UC cloud hosting service.

Navigate to: (navigation to different sections)

·         Update: Deprecated Support for TLS 1.0

o   What is TLS?

o   Why is TLS 1.0 being disabled?

o   How do Box users become compatible with TLS 1.1+?

·         Supported Box Applications

·         Supported 3rd-Party Applications

·         Supported Browsers

·         Additional Resources

 

[back to top]

Update: Deprecated Support for TLS 1.0

To maintain the highest security standard and to promote the safety of customer data, Box will disable the use of Transport Layer Security (TLS) 1.0 across all Box services starting on November 12, 2018 at 11:00 AM (EST). After this date, TLS 1.1 or higher (TLS 1.1+) must be used. Users leveraging web browsers, Box applications, or 3rd-party applications that do not support TLS 1.1+ will not be able to access Box resources.

 

What is TLS?
TLS is a protocol that provides privacy and data integrity between two communicating applications. It is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. Box Web and API connections, along with applications such as Box Sync and 3rd party apps, use TLS as a key component of their security.

Why is TLS 1.0 being disabled?
Box is requiring an upgrade to TLS 1.1 or higher in order to align with industry best practices for security and data integrity. After November 12, 2018, Box will require TLS 1.1 and later encryption protocol in an effort to maintain the highest security standards and promote the safety of customer data. After Box disables TLS 1.0, anyone using browsers, 3rd-party applications, and Box applications that do not support TLS 1.1 or 1.2 will NOT be able to access Box.

How do Box users become compatible with TLS 1.1+?
Users are required to upgrade their browser to a version that supports TLS 1.1 or higher. Most modern browsers support TLS 1.1 and 1.2. To determine whether your browser supports TLS 1.1 or higher, view Supported Browsers below.

Anyone using 3rd-party applications that do not support TLS 1.1 or higher must upgrade those applications. Developers of such 3rd-party applications also must upgrade their applications to support TLS 1.1 or higher. To find out what 3rd-party applications support TLS 1.1+, view Supported 3rd-Party Applications.

Box customers must upgrade to the latest versions of Box Sync, Box Tools, Box for Office, and Box Drive. For information on which versions support TLS 1.1+, view Supported Box Applications.

[back to top]

Supported Box Applications
Box desktop products have been updated to meet the TLS 1.1+ compliance.  In order to be in compliance, you must be on the minimum versions below on both Mac and Windows machines. Additionally, all Windows machines must be on .NET 4.5.2 or higher in order for desktop applications to continue to work after the TLS 1.0 deprecation on November 12, 2018.  

Unless you've somehow customized your installation of Box desktop products, all users will automatically update to at least the minimum compliant version belowand no action is required. If you have customized the installation of these applications for your users in any way, you will need to ensure all your users upgrade to a minimum version prior to November 12, 2018 to continue to access Box. If you are not an administrator of your computer, please contact your local IT department to update your Box applications.

 

Minimum Versions

Box Product

Minimum Compliant Version

Latest Version

Box Tools (Edit)

 

Mac & Windows: 3.5+

 

Note: Although 3.5+ is the minimum compliant version, we recommend users upgrade to the latest Box Tools version 4.4.x. Box Tools 4.0.x is a non-compliant version as it utilizes the .NET 4.0 framework. 

 

Download here

 

KB Article here

Box Sync

Long-term installer - 4.0.7901

Mac & Windows: 4.0.7900+

 

Download here

 

KB Article here

 

Box Drive

Mac: 1.7+

Windows: All Versions

 

Download here

 

KB Article here

 

Box for Office

Windows 4.2.1220+

 

Download here

 

KB Article here

 

 

Additional Downloads: https://www.box.com/resources/downloads

 

Further clarification on Box Tools and the .NET framework:

  • If you are currently on Box Tools 3.5, you can keep using it without interruption. However, we strongly recommend you upgrade to the latest version of Box Tools, which is Tools 4.4.x.

  • If you are currently on Box Tools 4.0, you MUST upgrade your .NET framework to .NET 4.5.2 +. Box then auto-updates you to the latest, compliant version of Box Tools (4.1+). If your organization blocks auto-updates, you will have to perform the Box Tools update manually.

  • If you are currently on Box Tools 4.4.x, there is nothing you need to do. You are up-to-date.

[back to top]

Supported 3rd-Party Applications

To make 3rd-party applications used by your organization are in compliance, please take action for the following prior to November 12, 2018 to continue to access Box.

 

If you use a 3rd-party application and do not know if it is TLS 1.1+ compatible, please contact the 3rd-party publisher or visit their website to see if they are compliant. If you are not an administrator of your computer or device, please contact your local IT department to update your 3rd-party applications.

 

Application Name

Upgrade Path

3rd-Party Integrations

 

Ensure your integration with Box is updated to TLS 1.1+ using the documentation found here

 

FTPS

 

Ensure your FTPS client is configured to support TLS 1.1+. Steps may include updating FTPS connection settings to support a minimum version of TLS 1.1 or higher. Please refer to documentation from your preferred FTPS client.

 

Note: Box at UC does not support unencrypted FTP connections.

 

WebDAV

 

Ensure your WebDAV client is configured to support TLS 1.1+.  Steps may include updating WebDAVS connection settings to support a minimum version of TLS 1.1 or higher. Please refer to documentation from your preferred WebDAV client.

 



[back to top]

Supported Browsers

To ensure TLS 1.1+ compliance, make sure web browsers are updated to these minimum versions below prior to November 12, 2018 to continue to access Box. If you are not an administrator of your computer or device, please contact your local IT department to update your web browsers.

 

Browser

TLS 1.1

TLS 1.2

Google Chrome

 

22-25+

 

 

30-32+

Apple Safari

 

7+

 

7+

Mozilla Firefox

 

27-33+

ESR 31.0-31.2+

 

27-33+

ESR 31.0-31.2+

Microsoft Internet Explorer

 

11+

 

11+

Microsoft Edge

 

All Versions

 

All Versions


[back to top]

Additional Resources

Related KB Articles

·         Box Tools (Edit)

·         Box for Office

·         Box Sync

·         Box Drive

Box Community Articles

·         Deprecation: Transport Layer Security (TLS) 1.0 Encryption Protocol

·         Deprecation: TLS 1.0

·         Large Scale Deployments

·         Box Product News

 

Rate this article - 1 to 5 Stars
Note: you must be signed in to use this feature