Updating Box from the Transport Layer Security (TLS) 1.0 Encryption Protocol FAQ

Box will no longer provide support for products and services that rely on the Transport Layer Security (TLS) 1.0 encryption protocol as of June 25, 2018.
Starting on 8:00 AM PST on November 12, 2018, Box will block products and services using the TLS 1.0 encryption protocol.

 

 

To minimize the impact on your business, please review the following:

 

What do I need to do?

  • Users need to ensure they're using a compliant version of applications and browsers before the deprecation of TLS 1.0 in order to avoid issues using Box services.
  • Using non-compliant versions of applications and browsers after the deprecation of TLS 1.0 will result in issues and may require manually updating of applications. For more details on end user impact, please see this article.
  • Administrators may find this email template helpful when contacting their end users.
  • More background information and the minimum compliant versions of each client can be found in the sections below.

 

What is TLS?

  • TLS stands for “Transport Layer Security" and is a widely deployed security protocol that is used to securely exchange data over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS, to date, are TLS 1.0, 1.1 and 1.2.
  • Box Web and API connections, along with applications such as Box Drive and 3rd party apps, use TLS as a key component of their security.

 

Why is TLS 1.0 being disabled?

  • Box is requiring an upgrade to TLS 1.1 or higher in order to align with industry best practices for security and data integrity. Box is focused on continually helping our customers improve their security by using the latest security protocols.
  • For more information on the global effort to remove support for TLS 1.0, please reference this article from the PCI Security Standards Council.

 

What happens after TLS 1.0 is disabled?

  • Any users using non-compliant versions of applications and browsers after TLS is disabled will see issues. For more details, please see this article.
  • Users on a non-compliant Box application will need to manually update to resolve any issues. IT administrators looking to update their end users' Box applications through a deployment tool should review our recommendations here.
  • Users are required to upgrade their browser to a version that supports TLS 1.1 or higher. Most modern browsers support TLS 1.1 and 1.2. To determine whether your browser supports TLS 1.1 or higher, go here.
  • Anyone using 3rd-party applications that do not support TLS 1.1 or higher must upgrade those applications. Developers of such 3rd-party applications also must upgrade their applications to support TLS 1.1 or higher.

 

TLS 1.1+ Compliant Box Desktop Applications

Box desktop products have been updated to meet the TLS 1.1+ compliance. In order to be in compliance, you must be on the minimum versions below on both Mac and Windows machines. Additionally, all Windows machines must be on .NET 4.5.2 or higher in order for desktop applications to continue to work after the TLS 1.0 deprecation.

 

The minimum versions that comply are as follows:

Note:

For more details on regarding how non-compliant versions of Box Sync, Box Tools, Box for Office and Box Drive will behave after TLS 1.0 is disabled, please see this article.

 

Box Product

Minimum Compliant Version

Download Latest Version

End user impact on non-compliant version

Box Tools 

Box Tools v4:

Mac and Windows: v4.1+

 

Note: We recommend users upgrade to the latest Box Tools version 4.1.x. Box Tools 4.0.x is a non-compliant version as it utilizes the .NET 4.0 framework. 

Download here.

Users will be unable to open files from Box. For more details, 

please see this article.

Box Sync

Mac and Windows: 4.0.6416+

 

Microsoft Internet Explorer v11+

Download here.

Long Term Supported installer available here.

Users will be logged out and will be unable to log in.

The "Box Sync" folder will still exist but changes will not be synced.

 

For more details, please see this article.

Box Drive

Mac: 1.7+

 

Windows: all Box Drive versions On Windows are compliant in terms of core functionality such as accessing Box content and uploading changes. However, 1.13.84+ is required for Windows users in order for Box Drive's update functionality to remain compliant.

 

Microsoft Internet Explorer v11+

Download here.

 

Mac:

Users will be logged out and will be unable to log in

 

Windows:

Users may not be able to successfully update but all other functionality will continue to work.

 

For more details, please see  this article.

Box for Office

4.5.1227+

Download here.

Users will be logged out and will be unable to log in.

 

For more details, please see this article.

 

Why are my users on a non-compliant version?

All Box desktop applications have a built-in update process. More information on how Box's desktop products' updates work and Box's recommendations on deploying manual updates can be found here.

 

Further clarification on Box Tools and the .NET framework:

  • If you are currently on Box Tools 3.5, you can keep using it without interruption. However, we strongly recommend you upgrade to the latest version of Box Tools, which is Tools 4.1
  • If you are currently on Box Tools 4.0, you MUST upgrade your .NET framework to .NET 4.5.2 +. Box then auto-updates you to the latest, compliant version of Box Tools (4.1+). If your organization blocks auto-updates, you will have to perform the Box Tools update manually.
  • If you are currently on Box Tools 4.1, there is nothing you need to do. You are up-to-date.

TLS 1.1+ Compliant Box Mobile Applications

Box mobile products have been updated to meet the TLS 1.1+ compliance. To remain in compliance you must be on the minimum versions below on both Android and iOS devices.

Unless they've somehow customized their installation of Box mobile products, all users should automatically update to at least the minimum compliant version below; no action is required. However, if you have customized the installation of these applications for your users in any way, you may need to ensure all your users upgrade to a minimum compliant version to continue to access Box.

 

Note:

 

Box Product

Minimum Compliant Version

Box for iPhone and iPad (including EMM versions)

Version 4.3.2 and later

Available now!

Box Capture for iPhone and iPad

Version 1.3.3 and later

Available now!

Box for Android Phones and Tablets (including EMM versions)

Android: 4.15 and later

Available now!

Box Capture for EMM

Version 1.3.1 and later

Available now!

 

Box Mobile Download for iOS and Android

Download the latest Box app version for iOS and Android here: https://www.box.com/resources/downloads

 

Box EMM Download Instructions

https://community.box.com/t5/How-To-Guides-for-Mobile/Box-for-EMM-Overview-and-FAQs/ta-p/23842#BEMM_...

 

TLS 1.1+ Compliant Browsers

To ensure that you are TLS 1.1+ compliant, make sure your browsers are updated to these minimum versions below before the deprecation of TLS 1.0 to continue to access Box:

 

Browser

TLS 1.1

TLS 1.2

Chrome

22-25+

30-32+

Safari

7+

7+

Firefox

27–33+

ESR 31.0–31.2+

27–33+

ESR 31.0–31.2+

Internet Explorer

11+

11+

Edge

All Versions

All Versions

 

TLS and DICOM Proxy

If you’re using an incompatible version of the DICOM Proxy to upload DICOM files to Box, your DICOM Proxy will stop working following the deprecation of TLS 1.0.

 

On Monday, June 18, we released an updated and compliant version of the DICOM Proxy. You will have to update your organization manually as automatic updates are not available for this product.

Here’s the link to download the compliant version of the DICOM Proxy and here are instructions for manually deploying it.

 

TLS 1.1+ Compliant 3rd Party Applications

Finally, in order to make sure that all 3rd party applications used by your organization are in compliance, please take action for the following prior to the deprecation of TLS 1.0 to continue to access Box:

 

Application Name

Upgrade Path

3rd Party Integrations

Ensure your integration with Box is updated to TLS 1.1+ using the documentation found here.

FTP

Ensure your FTP client is configured to support TLS 1.1+. Steps may include updating FTPS connection settings to support a minimum version of TLS 1.1 or higher. Please refer to documentation from your preferred FTP client.

WebDAV

Ensure your WebDAV client is configured to support TLS 1.1+. Steps may include updating WebDAVS connection settings to support a minimum version of TLS 1.1 or higher. Please refer to documentation from your preferred WebDAV client.

 

Version history
Revision #:
10 of 10
Last update:
‎09-21-2018 04:13 PM
Updated by:
 
Contributors