Due to an important security update we need to tell you about changes to our APIs. Please take the time to read what this means for you and check what action you need to take. If you have any questions or need support, please get in touch.
From 30 September, the Transport Layer Security (TLS) protocols 1.0 and 1.1 on our APIs will be disabled. After this date, any call you make to our APIs will need to use 1.2 TLS.
What is TLS?
Transport Layer Security (TLS) is an encryption protocol that ensures privacy and data integrity and our API connections use TLS for security. TLS 1.2 is the most secure, and TLS 1.0 and TLS 1.1 are no longer considered secure practice.
What action do I need to take?
If you use any of the following APIs either you or your users will need to ensure all requests use TLS 1.2 by 30 September. This will involve updating your system that accesses our APIs and/or your customers updating their browsers which access your services that use our APIs).
OS Maps API
OS Places API
OS Names API
INSPIRE Address View
You will need to review your API client configurations to determine what TLS versions are being used and take the necessary actions to migrate the client configurations to support TLS 1.2. If your access to these APIs is already using TLS 1.2 you won’t need to make any changes.
For API consumers, review your API client (i.e. API consumer application) configurations to determine what TLS versions are being used and take the necessary actions to migrate the client configurations to support TLS 1.2. The following client versions below should see no disruption:
Client TLS 1.2 Support
JDK 8 and above OpenSSL 1.0 and above
.Net 4.7 and above using OS default
Chrome 30 and above
Firefox 31 and above
Safari 7 and above on OSX
Android 4.4.2 and above
iOS 5.1.1 and above
Windows Vista & Windows Server 2008
How will I know my migration has been successful?
Our recommended option
Please contact your Account Manager or our Customer Services team to request test keys.
Once you have migrated to TLS 1.2 in production, we can also check and confirm to you that your traffic is now using TLS 1.2 only.
Test endpoints for small scale analysis
OS Names API
OS Maps API
Why do I need to migrate to TLS 1.2?
Our API proxies are hosted by a third party supplier who have announced they will no longer be supporting TLS 1.0 and TLS 1.1 for all HTTPS connections, including those made to customer API proxies.
When do I need to migrate by?
You’ll need to migrate by 30 September. After this date it will not be possible to access our APIs with TLS 1.0 and TLS 1.1.
What happens if I don’t take action?
Any call you or your users make to OS APIs listed above after 30 September will fail.
If we are not ready by 30September, is there any possibility of postponing this change?
No postponements will be available. This is a security requirement that applies across all of our API proxies and are hosted by a third party supplier, and they are unable to make exceptions.
Where can I find instructions of how to migrate?
The migration will depend on your internal systems and set-up, so it’s hard to know the exact steps you’ll need to take to migrate.
Should you need us though, we have technical consultants who will be able to help advise.