Removing support for TLS 1.0 and 1.1
Scheduled Maintenance Report for Cronofy
Completed
The scheduled maintenance has been completed. Support for TLS 1.0 and 1.1 has been disabled in our US and German data centres.
Posted Feb 27, 2020 - 10:09 UTC
In progress
Scheduled maintenance is currently in progress
Posted Feb 27, 2020 - 10:02 UTC
Scheduled
We will be removing support for TLS 1.0 and 1.1 in our US and German data centres. This will happen shortly after Thursday, February 27, 2020 at 10:00 UTC.

This will affect all HTTPS traffic to the following hostnames:

api.cronofy.com
app.cronofy.com
api-de.cronofy.com
app-de.cronofy.com

Only a small fraction of traffic currently uses TLS 1.0 and 1.1, the vast majority are already using TLS 1.2 which will continue to be supported.

From our impact analysis, those not already using TLS 1.2 split into two groups: older Exchange servers and a handful of API customers.

For Exchange servers we will be shifting to a separate hostname which will continue to support TLS 1.0 and 1.1. Older Windows servers running Exchange do not support TLS 1.2 and so we cannot retire 1.0 and 1.1 from the entirety of our stack. The notifications we receive from these servers do not contain sensitive information and so we have deemed the risk is acceptable for continued service.

For our API customers, we have identified those currently using TLS 1.0 or 1.1 and will be in touch with them shortly to ensure they are aware of this change and to assist with any migration that is needed.

Prior to the full switch over, we will remove support for TLS 1.0 and 1.1 on the mentioned hostnames for roughly 3 hours on Thursday, February 20, 2020 between 12:00 and 15:00 UTC.
Posted Jan 29, 2020 - 11:28 UTC
This scheduled maintenance affected: API and Developer Dashboard.