Announcements

Our product news has moved to the new Product Updates page. Please update your bookmarks and subscriptions accordingly. Thanks!

Box Product News

61354 Views
33 Comments

Box will no longer provide support for products and services that rely on the Transport Layer Security (TLS) 1.0 encryption protocol as of June 25, 2018.

 

Starting on 8:00 AM PST on November 12, 2018, Box will block products and services using the TLS 1.0 encryption protocol.

 

Update 09-21-2018

We've consolidated our FAQs into a new KB article and added new details, including:

  • The minimum compliant version of Box Sync on Windows is 4.0.6416, not 4.0.7900.
  • IE v11 is needed for Box Drive and Box Sync to login successfully. This was called out in the "Compliant Browsers" section, but we've added additional notes to make it more clear.
  • Added a note that Box for Windows Phone, Box for Windows 8, or Box for Windows 10 applications have been deprecated.
  • Added a note that Mobile Blackberry 10 will be deprecated as well.

Please review the following FAQs for more details about the change and what you may need to do.

 

The content below is out of date. Please refer to the FAQs for the most recent and accurate information about this change.

 

What do I need to do? 

  • Users need to ensure they're using a compliant version of applications and browsers before November 12, 2018 in order to avoid issues using Box services.
  • Using non-compliant versions of applications and browsers after November 12, 2018 will result in issues and may require manually updating of applications. For more details on end user impact, please see this article.
  • Administrators may find this email template helpful when contacting their end users. 
  • More background information and the minimum compliant versions of each client can be found in the sections below.  

What is TLS?

  • TLS stands for “Transport Layer Security" and is a widely deployed security protocol that is used to securely exchange data over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS, to date, are TLS 1.0, 1.1 and 1.2.
  • Box Web and API connections, along with applications such as Box Drive and 3rd party apps, use TLS as a key component of their security. 

Why is TLS 1.0 being disabled?

  • Box is requiring an upgrade to TLS 1.1 or higher in order to align with industry best practices for security and data integrity. Box is focused on continually helping our customers improve their security by using the latest security protocols.  
  • For more information on the global effort to remove support for TLS 1.0, please reference this article from the PCI Security Standards Council.

What happens after TLS 1.0 is disabled?

  • Any users using non-compliant versions of applications and browsers after TLS is disabled will see issues. For more details, please see this article.
  • Users on a non-compliant Box application will need to manually update to resolve any issues. IT administrators looking to update their end users' Box applications through a deployment tool should review our recommendations here.
  • Users are required to upgrade their browser to a version that supports TLS 1.1 or higher. Most modern browsers support TLS 1.1 and 1.2. To determine whether your browser supports TLS 1.1 or higher, go here.
  • Anyone using 3rd-party applications that do not support TLS 1.1 or higher must upgrade those applications. Developers of such 3rd-party applications also must upgrade their applications to support TLS 1.1 or higher.

 

 

TLS 1.1+ Compliant Box Desktop Applications

Box desktop products have been updated to meet the TLS 1.1+ compliance.  In order to be in compliance, you must be on the minimum versions below on both Mac and Windows machines. Additionally, all Windows machines must be on .NET 4.5.2 or higher in order for desktop applications to continue to work after the TLS 1.0 deprecation on November 12, 2018.  

 

 

The minimum versions that comply are as follows:

Note: For more details on regarding how non-compliant versions of Box Sync, Box Tools, Box for Office and Box Drive will behave after TLS 1.0 is disabled, please see this article.

 

Box Product

Minimum Compliant Version

Download Latest Version

End user impact on non-compliant version

Box Tools 

Box Tools v4:

Mac & Windows: v4.1+

 

Note: We recommend users upgrade to the latest Box Tools version 4.1.x. Box Tools 4.0.x is a non-compliant version as it utilizes the .NET 4.0 framework. 

Download here.


Users will be unable to open files from Box. For more details, 

please see this article.

 Box Sync

Mac & Windows: 4.0.7900+

Download here.

Long Term Supported installer available here.

Users will be logged out and will be unable to log in. 

The "Box Sync" folder will still exist but changes will not be synced.

 

For more details,

please see this article.

Box Drive

Mac: 1.7+
Windows: all Box Drive versions On Windows are compliant in terms of core functionality such as accessing Box content and uploading changes. However, 1.13.84+ is required for Windows users in order for Box Drive's update functionality to remain compliant. 

Download here.

 

Mac: 
Users will be logged out and will be unable to log in

Windows: 

Users may not be able to successfully update but  all other functionality will continue to work. 

 

For more details,

please see this article.

Box for Office

4.5.1227+

 Download here.

Users will be logged out and will be unable to log in.  

 

For more details,

please see this article.

  

Why are my users on a non-compliant version? 

All Box desktop applications have a built-in update process. More information on how Box's desktop products' updates work and Box's recommendations on deploying manual updates can be found here.

 

Further clarification on Box Tools and the .NET framework:

  • If you are currently on Box Tools 3.5, you can keep using it without interruption. However, we strongly recommend you upgrade to the latest version of Box Tools, which is Tools 4.1
  • If you are currently on Box Tools 4.0, you MUST upgrade your .NET framework to .NET 4.5.2 +. Box then auto-updates you to the latest, compliant version of Box Tools (4.1+). If your organization blocks auto-updates, you will have to perform the Box Tools update manually.
  • If you are currently on Box Tools 4.1, there is nothing you need to do. You are up-to-date.

TLS 1.1+ Compliant Box Mobile Applications

Box mobile products have been updated to meet the TLS 1.1+ compliance. To remain in compliance you must be on the minimum versions below on both Android and iOS devices.

Unless they've somehow customized their installation of Box mobile products, all users should automatically update to at least the minimum compliant version below; no action is required. However, i f you have customized the installation of these applications for your users in any way, you may need to ensure all your users upgrade to a minimum compliant version prior to November 12, 2018 to continue to access Box.

 

Note  Box for Android was deprecated for versions of Android 4.4.x (KitKat) and earlier in February 2018. These versions of Android are no longer supported by the Box app and will be unable to log in with existing versions of the Box app following the deprecation of TLS 1.0 on November 12, 2018.

 

Box Product

Minimum Compliant Version

Box for iPhone and iPad
(including EMM versions)

Version 4.3.2 and later


Available now!

Box Capture for iPhone and iPad

Version 1.3.3 and later


Available now!

Box for Android Phones and Tablets (including EMM versions)

Android: 4.15 and later


Available now! 

Box Capture for EMM

Version 1.3.1 and later

Available now!

 

 

 

Box Mobile Download for iOS and Android
Download the latest Box app version for iOS and Android here.

https://www.box.com/resources/downloads

 

Box EMM Download Instructions

 

TLS 1.1+ Compliant Browsers

To ensure that you are TLS 1.1+ compliant, make sure your browsers are updated to these minimum versions below prior to November 12, 2018 to continue to access Box:

 

Browser

TLS 1.1

TLS 1.2

Chrome

22-25+

30-32+

Safari

7+

7+

Firefox

27–33+

ESR 31.0–31.2+

27–33+

ESR 31.0–31.2+

Internet Explorer

11+

11+

Edge

All Versions

All Versions

 

TLS and DICOM Proxy
If you’re using an incompatible version of the DICOM Proxy to upload DICOM files to Box, your DICOM Proxy will stop working as of November 12, 2018, when we deprecate TLS 1.0.

 

On Monday, June 18, we released an updated and compliant version of the DICOM Proxy. You will have to update your organization manually as automatic updates are not available for this product.


Here’s the link to download the compliant version of the DICOM Proxy and here are instructions for manually deploying it.

 

TLS 1.1+ Compliant 3rd Party Applications

Finally, in order to make sure that all 3rd party applications used by your organization are in compliance, please take action for the following prior to November 12, 2018 to continue to access Box:

 

Application Name

Upgrade Path

3rd Party Integrations 

Ensure your integration with Box is updated to TLS 1.1+ using the documentation found here

FTP

Ensure your FTP client is configured to support TLS 1.1+. Steps may include updating FTPS connection settings to support a minimum version of TLS 1.1 or higher. Please refer to documentation from your preferred FTP client.

WebDAV

Ensure your WebDAV client is configured to support TLS 1.1+.  Steps may include updating WebDAVS connection settings to support a minimum version of TLS 1.1 or higher. Please refer to documentation from your preferred WebDAV client

 

 

Please log in to subscribe

Stay up to date!

Subscribe to Box newsletters:


First time here?

Tips to get you started:

Users online (258)