Skip to Main Content
×
Freshbooks
Official App
Free – Google Play
Get it
FreshBooks is Loved by American Small Business Owners
FreshBooks is Loved by Canadian Small Business Owners
FreshBooks is Loved by Small Business Owners in the UK
Dev Blog

We’re Disabling Weak SSL on January 11, 2010

by paul on September 29/2009

On January 4th 11th, 2010, the first second Monday of the new year, we will be disabling weak SSL protocols. This change affects both API and browser users.

The protocols we are disabling are:

  • SSLv2
  • Ciphers with keylengths less than 128 bits in SSLv3 or TLSv1

We are disabling these protocols to enhance the security of our users’ financial data as it is passed over the Internet. SSLv2 has several published vulnerabilities and should not be considered secure, and keys shorter than 128 bits are no longer considered sufficiently resistant to compromise. The Wikipedia article on TLS and SSL contains some background information on the vulnerablities in these protocols.

Analyzing the last month’s worth of traffic suggests that this will affect a very small number of users. We have contacted all affected integrations with whom we have existing

relationships. We will continue to monitor our logs to look for any other SSLv2 or short keylength users whom we have missed.

Modern browsers (Firefox 2+; IE 7+; Safari) disable these weak protocols by default.

If you have any questions or comments on our plan to disable these weak SSL protocols, please let us know at .(JavaScript must be enabled to view this email address).