Why am I failing to work with JFrog Cloud services with TLS 1.0/1.1?

JFrog Support
2018-05-31 07:42

JFrog is deprecating support for TLS 1.0 and 1.1 on its Cloud services (Artifactory, Bintray and Xray) on June 24th, 2018.
It is very important that you ensure that all of your systems that communicate with the JFrog Cloud services (e.g. browsers and clients such as Maven, Docker and npm) are TLS 1.2 compliant before June 24th, 2018. Clients that are not TLS 1.2 compliant will automatically lose access to the JFrog Cloud services.

What is TLS?

Transport Layer Security (TLS) is the most widely deployed security protocol used today for Web browsers and other applications that require data to be securely exchanged over a network.
In our case, TLS secures data sent over HTTPS between clients (such as browsers, Maven and Docker) and the different JFrog Cloud services.

Why is JFrog deprecating TLS 1.0 and 1.1?

Both TLS 1.0 and 1.1 are quite old, and many improvements have been introduced since they were released, making them obsolete and out of date with regard to security.
TLS 1.0 and 1.1 are vulnerable to major attacks, such as POODLE and BEAST.
Furthermore, the PCI Data Security Standard (PCI DSS) requires that you disable the use of any SSL/TLS 1.0 implementations by June 30th, 2018.

Given the vulnerabilities TLS 1.0 and 1.1 are susceptible to and the recommendations provided by PCI, we’ll be deprecating support for both of these versions and moving ahead with support for TLS 1.2 only.

How does this change affect you?

If any of your clients use TLS 1.0 or 1.1 to communicate with JFrog Cloud services (clients can be browsers and other clients such as Maven, Docker, npm and more), they will no longer be able to work with those services and will receive failure messages.

Which JFrog Services are Affected?

The affected JFrog Cloud services are: Bintray, Artifactory Cloud and Xray Online.

What action is required?

As a JFrog SaaS user for Artifactory / Bintray / Xray, you need to make sure all of the clients accessing one or more of the services in any manner use TLS 1.2.
Note: This includes browsers – make sure the browser you are working with is TLS 1.2 compliant.
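
One way to check a Python-based client against this requirement without touching the network, added here as an example and not JFrog tooling: it captures the ClientHello that the local Python/OpenSSL stack would send and lists the TLS versions it advertises. The function names and the placeholder hostname `example.invalid` are assumptions made for the example.

```python
import ssl
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def local_client_hello(ctx=None):
    """Return the raw ClientHello record this Python/OpenSSL build would send."""
    ctx = ctx or ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # Placeholder hostname: memory BIOs mean nothing is resolved or transmitted.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has written its hello and awaits a reply
    return outgoing.read()

def offered_versions(record):
    """Return the set of TLS versions advertised in a ClientHello record."""
    # Without a supported_versions extension, the legacy field is the client's maximum.
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    legacy = struct.unpack_from("!H", record, 9)[0]
    pos = 9 + 2 + 32                                     # skip version and random
    pos += 1 + record[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]                               # compression_methods
    if pos + 2 > len(record):
        return {legacy}                                  # no extensions block
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= min(end, len(record)):
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 43:                               # supported_versions
            count = record[pos] // 2
            return set(struct.unpack_from("!%dH" % count, record, pos + 1))
        pos += ext_len
    return {legacy}

def offers_tls12(record):
    """True if the ClientHello lets a TLS 1.2-only server complete the handshake."""
    return 0x0303 in offered_versions(record)

if __name__ == "__main__":
    hello = local_client_hello()
    print(ssl.OPENSSL_VERSION)
    print("offers:", sorted(NAMES.get(v, hex(v)) for v in offered_versions(hello)))
    print("TLS 1.2 offered:", offers_tls12(hello))
```

This only covers the TLS stack Python is linked against; browsers, the JVM behind Maven, Docker and npm each use their own stack and need to be checked separately.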