At TomTom, we like to ensure that our customers’ data is properly protected while in transport from customer to our systems. On September 1st, 2021, we will remove support for the following to improve transport security for all customers:
- API calls without using TLS
- API calls using TLS version 1.0 and 1.1
This means that all clients making API calls need to use TLS version 1.2 as it will help ensure that the highest security standards are maintained.
What is TLS?
Transport Layer Security (TLS) is the security mechanism used to secure all communication between your application and TomTom as it travels over the public network. It is the standard security protocol and is used between servers and their clients.
TomTom customers can make use of TLS to secure client connections between their client and TomTom’s servers. It is important to use this to make it more difficult for third parties to decode your network data. TomTom currently allows the transport of API calls to be secure with any TLS version, or not at all. On September 1st, 2021 it will become mandatory to use TLS version 1.2 to ensure that the safety of your data is maintained.
Who will be impacted?
Any client not using TLS version 1.2 will no longer be able to make use of TomTom’s online services once TLS version 1.2 becomes mandatory.
Any client already using TLS version 1.2 will not be impacted.
What will need to be done to prepare for the change?
Confirm your client software supports TLS1.2 when making HTTPS connections. If you’re not sure, connect your client to https://www.howsmyssl.com/ to see what TLS settings are used when making connections.
If you are already using version 1.2 then this change does not affect you. If you are using version 1.0 or 1.1 or not using TLS at all, you will need to update the application or its libraries that connect to TomTom servers to start using TLS version 1.2.
Frequently Asked Questions
- How can I check what version of TLS I am using?
- Check your applications source code OR connect your client to https://www.howsmyssl.com/
- My application does not use any TLS security. Will this change affect me and how?
- Yes, insecure transport layer communication will be disabled. Your application will stop working when this change is made.
- I have a mobile application using an earlier version than TLS version 1.2, what does this mean for me?
- You will need to recompile your application and distribute it to your users.
- My iOS application uses TLS v1.2, what if my application runs on iOS versions that does not support TLS1.2?
- iOS 5 TLS1.2 is supported. Applications that run on iOS 4.x.x and earlier will not be able to connect since it is not secure enough.
- My Android application uses TLS v1.2, what if my application runs on Android versions that does not support TLS1.2?
- Android 4.4 KitKat (API Level 19) TLS1.2 is supported. Applications that run on earlier versions will not be able to connect due to security reasons.
- What type and version of browser must my users use?
- This change only affects TLS compatibility. https://caniuse.com/#feat=tls1-2 has a list of browser compatibility for TLS 1.2.
- I am using the TomTom Web SDK, iOS SDK or Android SDK. Do I need to do anything?
- No, all versions of our SDKs use TLS 1.2, provided they run on a platform or are being used by a browser that supports it. Thus, the SDK must run on iOS 5 or later, Android KitKat 4.4 or later, or a recent browser.
- I need to make changes to my application to support TLS1.2, should I test it?