**Update** - This change is now complete

 

Due to an important security update we need to tell you about changes to our APIs. Please take the time to read what this means for you and check what action you need to take. If you have any questions or need support, please get in touch.

 

From 30 September, the Transport Layer Security (TLS) protocols 1.0 and 1.1 on our APIs will be disabled. After this date, any call you make to our APIs will need to use 1.2 TLS.


What is TLS?

Transport Layer Security (TLS) is an encryption protocol that ensures privacy and data integrity and our API connections use TLS for security. TLS 1.2 is the most secure, and TLS 1.0 and TLS 1.1 are no longer considered secure practice.

 

What action do I need to take?

If you use any of the following APIs either you or your users will need to ensure all requests use TLS 1.2 by 30 September. This will involve updating your system that accesses our APIs and/or your customers updating their browsers which access your services that use our APIs).

 

  • OS Maps API

  • OS Places API

  • OS Names API

  • INSPIRE Address View

 

You will need to review your API client configurations to determine what TLS versions are being used and take the necessary actions to migrate the client configurations to support TLS 1.2.  If your access to these APIs is already using TLS 1.2  you won’t need to make any changes.

 

For API consumers, review your API client (i.e. API consumer application) configurations to determine what TLS versions are being used and take the necessary actions to migrate the client configurations to support TLS 1.2. The following client versions below should see no disruption:

 

Client TLS 1.2 Support

 

  • JDK 8 and above OpenSSL 1.0 and above

  • .Net 4.7 and above using OS default

  • Browsers

    • Chrome 30 and above

    • Firefox 31 and above

    • IE 11

    • Edge

    • Safari 7 and above on OSX

  • OSs

    • Android 4.4.2 and above

    • iOS 5.1.1 and above

    • Windows Vista & Windows Server 2008

Why do I need to migrate to TLS 1.2?

Our API proxies are hosted by a third party supplier who have announced they will no longer be supporting TLS 1.0 and TLS 1.1 for all HTTPS connections, including those made to customer API proxies.

 

When do I need to migrate by?

You’ll need to migrate by 30 September. After this date it will not be possible to access our APIs with TLS 1.0 and TLS 1.1.

 

What happens if I don’t take action?

Any call you or your users make to OS APIs listed above after 30 September will fail.

 

If we are not ready by 30September, is there any possibility of postponing this change?

No postponements will be available. This is a security requirement that applies across all of our API proxies and are hosted by a third party supplier, and they are unable to make exceptions.

 

Where can I find instructions of how to migrate?

The migration will depend on your internal systems and set-up, so it’s hard to know the exact steps you’ll need to take to migrate.

Should you need us though, we have technical consultants who will be able to help advise.

 

Who can I contact with questions?

Please contact your Account Manager or our Customer Services team: CustomerServices@os.uk  with any questions.