In order to provide a more secure platform, we have decided to stop supporting older security protocols, either as default options or at all. Impact to our customers will vary and is dependent on your use, or that of your own customers or application end-users, of these older protocols. We will work with impacted customers on mitigation plans as needed. The changes to our service are as follows:
- On June 14, 2020, PubNub will deprecate support for Secure Sockets Layer (SSL) version 3.0 for all of our standard origins and for all custom origins unless an exception is requested through your account representative.
- On September 30, 2020, PubNub will deprecate support for Transport Layer Security (TLS) version 1.0 for all of our standard origins and for all custom origins unless an exception is requested through your account representative.
- On December 31, 2020, PubNub will deprecate support for TLS 1.1 for all of our standard origins and for all custom origins unless an exception is requested through your account representative.
What are SSL and TLS and Why the Change?
SSL (Secure Sockets Layer) and its successor, Transport Layer Security (TLS), are standard protocols for securely establishing authenticated and encrypted communication across the Internet, including into the PubNub Data Stream Network, PubNub Portal and other PubNub services. PubNub strongly recommends that its customers use our TLS-enabled endpoints, including our standard origins, custom origins or white-label origins.
SSL and earlier versions of the TLS protocol are becoming obsolete as more secure versions are made available. The vast majority of browsers, clients, mobile devices and application frameworks support modern, secure TLS versions. PubNub will periodically review and update its support for TLS versions, and provide customers at least three months' notice of any global changes.
What happens after June 2, 2020?
After June 2, 2020, all communications with PubNub's standard Data Stream Network and Portal endpoints will require the use of TLS v1.0 or higher; SSL v3 will no longer be supported on our standard endpoints.
What happens after September 30, 2020?
After September 30, 2020, all communications with PubNub's standard Data Stream Network and Portal endpoints will require the use of TLS v1.1 or higher; TLS v1.0 will no longer be supported on our standard endpoints.
What happens after December 31, 2020?
After December 31, 2020, all communications with PubNub's standard Data Stream Network and Portal endpoints will require the use of TLS v1.2 or higher; TLS v1.1 will no longer be supported on our standard endpoints.
Who is affected?
All customers and end users consuming PubNub services via our standard endpoints will be affected on the above dates. Again, the vast majority of devices and clients support modern, secure versions of TLS that PubNub will continue to offer. If the devices and clients do not support the more secure versions, they are likely to experience errors when connecting to PubNub and making API calls.
Also, all custom and white-label origins will be affected unless a support request is submitted explicitly requesting continued support of legacy TLS and/or SSL.
To test the TLS compatibility of your application or client, please visit this page: https://www.ssllabs.com/ssltest/viewMyClient.html
If you have questions about how much of your current PubNub usage is impacted by the SSL v3 or TLS 1.0 changes, please contact PubNub Support.
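A local complement to the hosted client test, added here as an example and not PubNub code: it captures, in memory, the ClientHello that a Python client context would send and reports which protocol versions it offers. The hostname `client-check.invalid` and all function names are assumptions made for the example; nothing is sent over the network.

```python
import ssl
import struct

TLS_NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
             0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def capture_client_hello(ctx):
    """Start a handshake into memory buffers and return the raw ClientHello."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # Constructed hostname: it only fills the SNI field, nothing is resolved.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="client-check.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for a ServerHello
    return outgoing.read()

def offered_versions(record):
    """Return the protocol versions a ClientHello record offers (sorted ints)."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    legacy = struct.unpack_from("!H", record, 9)[0]       # legacy_version
    pos = 11 + 32                                         # skip client random
    pos += 1 + record[pos]                                # session id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher suites
    pos += 1 + record[pos]                                # compression methods
    if pos + 2 > len(record):
        return [legacy]
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        body = record[pos + 4: pos + 4 + ext_len]
        if ext_type == 43:                                # supported_versions
            count = body[0] // 2
            return sorted(struct.unpack_from("!%dH" % count, body, 1))
        pos += 4 + ext_len
    return [legacy]  # no extension: only the highest offered version is visible

def client_report(ctx):
    # Keep only known version codes so unknown values cannot skew the result.
    seen = [v for v in offered_versions(capture_client_hello(ctx)) if v in TLS_NAMES]
    return {"offered": [TLS_NAMES[v] for v in seen],
            "tls12_or_higher": max(seen) >= 0x0303}

def modern_context():
    """Client context that refuses anything below TLS v1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx
```

Calling `client_report()` on the context your application actually builds shows whether it will still connect once TLS v1.2 is the minimum.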
What options do I have?
Opt-out and continue supporting SSL v3 (full deprecation by June 2, 2021).
If you require continued support of SSL v3 after June 2, 2020, you must currently be utilizing a custom origin or move your traffic to a custom or white-label origin. Please contact your account representative or PubNub support to enable a custom origin.
Continued use of SSL v3 after June 2, 2020 may incur an additional monthly cost.
Opt-out and continue supporting TLS v1.0 (full deprecation by September 30, 2021).
If you require continued support of TLS v1.0 after September 30, 2020, you must currently be utilizing a custom origin or move your traffic to a custom or white-label origin. Please contact your account representative or PubNub support to enable a custom origin.
Continued use of TLS v1.0 after September 30, 2020 may incur an additional monthly cost.
Opt-in for TLS v1.1/1.2 early
If you prefer to have your PubNub traffic moved to TLS v1.1+ endpoints sooner than September 30, 2020, please contact your account representative.
Likewise, after September 30, 2020, but prior to December 31, 2020, you will have the opportunity to request that your PubNub traffic be served by infrastructure that only supports TLS v1.2 by contacting your account representative.
What is a custom origin?
PubNub allows customers to direct requests into PubNub's Data Stream Network via a customer-specific domain name. This allows the PubNub operations team to route this traffic discretely, and allows for custom edge configuration including custom TLS configuration.
Additional details?
If you need any more details regarding this change, including the standard ciphers that will be supported, please contact your account representative or PubNub Support.