New URL,TLS Support and removal of SSL 3 support
D&B Toolkit global functionality update/changes
As part of our continued effort to improve the customer experience, we are making security enhancements to the Toolkit that need to be communicated to customers. The changes are as follows:
1. NEW Toolkit URL with SHA-2 certificate & TSL support– June 5, 2015
2. Disable SSL v.3 support – June 5, 2015
What this means for our customers:
Customers will be better protected as D&B improve security to mitigate the risk potential from supporting SSL v.3 and eliminate obsolete encryption protocols.
What you need to know:
Customers need to be notified immediately of these changes so that they can:
1. Check if they need to make any application changes
2. Schedule connectivity testing to the new Toolkit URL
3. Review the FAQs which will be posted on our website by March 13th.
A security vulnerability in SSL v.3 (Secure Sockets Layer) has been discovered. This is a general risk that applies to every organization using SSL v.3, and not one specific to D&B. This vulnerability may, in rare cases, permit the decryption by third parties of encrypted information transmitted between browsers and servers that use an obsolete cryptographic protocol (SSL version 3) instead of the newer Transport Layer Security (TLS) protocol.
Therefore, in line with many in the Industry, we are requiring Transport Layer Security (TLS) for the Toolkit and disabling support for SSL v.3 beginning on June 5, 2015.
When this change is implemented, browsers and web service interfaces that do not support TLS will receive error messages and be unable to establish a connection. By implementing this change the following legacy client environments will be impacted and no longer be supported.
- Internet Explorer browser users need to upgrade the browser to IE 7 or later. Chrome, Firefox, or Safari users are not impacted.
- Web service environments will need to upgrade to JVM 1.6 or .NET 3.5 or later.
In order to provide as much flexibility as possible, the new SHA-2 certificate with TLS will be implemented as a new Toolkit URL: http://toolkit-api.dnb.com. Customers and Partners will be able to test connectivity to D&B using the pre-production Staging environment. Customers/Partners can use their Production credentials to test connectivity at http://toolkit-api-stg.dnb.com/. This environment will be available starting Wednesday March 11, 2015 for testing.
D&B will only decommission the existing URL, http://toolkit.dnb.com/, on December 1, 2015. Customers will have between June 5, 2015 and December 1, 2015 to migrate to the new URL and use the new Transport Layer Security to avoid a connectivity error. The existing security certificate will expire at the end of the year and since it is a SHA-1 certificate, it cannot be renewed. Any Customer/Partner requiring technical assistance, should contact Tech Support.
Actions you should take:
1. Please notify your customer of these changes as soon as possible and ask them to provide this information to their Toolkit technical contact, who will determine what changes need to be made to the customer’s application.
2. All Customers/Partners must migrate to the new URL by 1 December 2015 to avoid error.
Who to Contact?
If you have any other questions, you may contact Toolkit Tech Support.