PageUp Disabling TLS 1.0
PageUp is requiring clients to connect using TLS 1.1 or higher by February 28, 2018 in order to align with industry best practices for security and data integrity. On that date we will begin disabling TLS 1.0. Action is required prior to this date to prevent any disruption to your PageUp instance. This article contains all of the information currently available on PageUp’s disablement of the TLS 1.0 encryption protocol.
WHAT IS THE CHANGE?
TLS Encryption is a mechanism used to secure all communications between web browsers and the PageUp Servers. PageUp is requiring an upgrade to TLS 1.1 or higher by February 28, 2018. On that date we will begin disabling the TLS 1.0 encryption protocol, which will prevent customers still using it from accessing all PageUp services.
HOW WILL CUSTOMERS BE IMPACTED?
After PageUp disables TLS 1.0, any inbound connections to PageUp that rely on TLS 1.0 will fail (you will likely see the image below if using IE/Chrome). This will impact a number of PageUp services (listed below).
WHY IS THIS HAPPENING?
PageUp place the utmost importance on security of client information and in doing so conduct regular reviews of the way that clients connect securely to our platform using the latest security protocols. On February 28, 2018, PageUp will require TLS 1.1 and later encryption protocol in an effort to maintain the highest security standards and promote the safety of client data.
A reminder that affected browsers by this change have been out of support for some time now.
https://knowledgeportal.pageuppeople.com/getting-started/browser-support/
AFFECTED SERVICES
(for the below, substitute “dcx” with your relevant data centre)
PageUp People UTMP
https://%clientname%.dcx.pageuppeople.com
https://secure.dcx.pageuppeople.com/apply/%instid%
https://admin.dcx.pageuppeople.com
Single Sign On (SSO/SAML) Clients
https://admin.dcx.pageuppeople.com/gateway.aspx
PageUp API
https://api.dcx.pageuppeople.com
PageUp WebServices
https://webservices.dcx.pageuppeople.com/*
PageUp SFTP Connectivity
https://securestorage.dcx.pageuppeople.com SFTP is not affected, FTPS connections are.
PAGEUP MOBILE APPS
PageUp Everyday Performance
The PageUp Everyday Performance app will not be affected.
PageUp Everyday Learning
The PageUp Everyday Learning app will not be affected.
WHAT BROWSERS ARE AFFECTED?
This change will render the following browsers unable to connect to PageUp’s UTMP.
Google Chrome — Version 21 and earlier
Google Android OS Browser — Android 4.1 and earlier
Mozilla Firefox — Version 23 and earlier
Internet Explorer —
Vista — version 9 and earlier
Windows 7 — Version 10 and earlier
Windows 8 — Version 10 and earlier
Windows 8.1 — Not affected
Windows 10 — Not affected
Microsoft Edge — Not Affected
Opera — Version 12.8 and earlier
Apple Safari —
OSX 10.8 — Version 6 and earlier
OSX 10.9+ — Not affected
Apple Safari (mobile) —
iOS 4 and earlier — Version 5 and earlier
iOS 4+ — Not affected
Note: for the most up-to-date information, please visit — https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
POTENTIAL AFFECTED EXTERNAL APPLICANTS
For clients that have our Recruitment module and have external users applying for jobs via our careers sites/apply portal, be aware that this will also affect those users.
As per -
any users that are using a supported browser will not have any issues.
PageUp will not be supporting public end users on non supported browsers. Please be mindful of this before logging support tickets on behalf of applicants
If an applicant experiences an issue, we recommend that you ask them to access the system with a browser on the below list — https://knowledgeportal.pageuppeople.com/getting-started/browser-support/
HOW CAN I CHECK MY BROWSER?
If you are using a modern browser, you should have no issues once TLS 1.0 is disabled. The following can help you test some individual clients to verify though -
Salesforce have a page to check that TLS 1.0 deactivation will not cause any issues — https://tls1test.salesforce.com/s/
Note: you should not rely solely on this this information and this is provided as a 3rd party assistance tool only. When in doubt, verify with your IT Department.
HOW CAN I CHECK OTHER SERVICES?
To check other affected services — SSO, API, WebServices. The best approach is to forward this notification to the relevant technical department internally for them to evaluate and advise.
HOW DO I GET HELP?
Head to our Knowledge Portal for the most up to date information —
PageUp is available to support clients through this transition. We recommend following the below steps
- Access this page to confirm whether or not your browser is still using TLS 1.0 (Click Here)
- If you do not receive a Green Tick as pictured above, please contact your internal IT team and share this information and your test results.
- Your IT team will then be able to update your browser so that it is using the correct TLS version.
If you are experiencing difficulties in completing the test, or your IT team has any additional questions, please have them send an email to PageUp Support with the following information
Subject: TLS 1.0 encryption — assistance required
Body: We are currently assessing the impact of transitioning away from browsers using TLS 1.0 encryption. We have the following questions
- Question 1
- Question 2
Please contact the below member of our IT team to discuss
Name:
Email address:
UPDATES
15th January 2018 — We’ve had a few requests from Australian clients to apply this to UAT so that they can test their internal endpoints before we start removing from Production Instances.
We’re happy to report that the following have TLS 1.0 disabled and can be used for testing.
https://adminuat.dc2.pageuppeople.com/default.aspx (Admin)
https://secureuat.dc2.pageuppeople.com/apply/218/aw/applicationForm/default.asp (Apply) — note your URL will differ slightly, example only.
https://esuat.dc2.pageuppeople.com (Employee Services — note — you will have a custom CNAME for your own branded Employee Services, ie https://uatcompanyname.pageuppeople.com)
If you would also like the option to test and are not an Australian based client, please let us know and we can set this up for you.
19th January 2018 — Starting January 22nd, we will be disabling TLS 1.0 in our UK region (*.DC3.pageuppeople.com) for UAT instances only to continue testing.
