On December 13, 2019, as part of security enhancements, Zenoti will use
Transport Layer Security (TLS) 1.2 for all connection requests.
After December 13, 2019, Zenoti will refuse connection requests with TLS versions 1.0 and 1.1.
Important: In addition to deprecating TLS 1.0 and 1.1, Zenoti will no longer support requests with managemyspa.com in the URL. You must replace all instances of managemyspa.com with zenoti.com.
Why are we deprecating TLS 1.0 and 1.1?
TLS 1.0 and 1.1 are out-of-date protocols and do not support modern cryptographic algorithms. They contain security vulnerabilities that may be exploited by attackers, and you may be subjected to:
- POODLE: A man-in-the-middle attack that downgrades the connection to a protocol that is vulnerable to an attack.
- BEAST: A man-in-the-middle attack that takes advantage of a vulnerability in the Cipher Block Chaining mode in TLS 1.0 and use it to decrypt data exchanged between two parties.
In addition to mitigating these security vulnerabilities, we are moving to TLS 1.2 as the majority of encrypted Internet traffic is now over TLS 1.2 which is considered to be the safest and most reliable method of delivering encrypted content over the Internet.
What will happen if I do not upgrade to TLS 1.2?
If you do not upgrade to TLS 1.2, your connection requests with TLS versions 1.0 and 1.1 will be unable to connect to Zenoti.
How can I tell if my connection requests support TLS 1.2?
To ensure your connection requests support TLS 1.2, ensure that the following connections and platforms are compliant with TLS 1.2:
- Java-based applications: Ensure that your JDK is at JDK 8 or higher.
Note: JDK 7 1.7.0_131-b31 also supports TLS 1.2
- Python-based applications: Upgrade your Python environment to 2.7.9 or higher. You must also upgrade your OpenSSL to 1.0.1 or higher.
- PHP and libcurl applications: Update to the latest available version that supports TLS 1.2.
Important: You must ensure the following:
- Your code is not configured to force TLS 1.0 or 1.1.
- If the libcurl constant is hardcoded to CURL_SSLVERSION_TLSv1, you will need
to remove the libcurl constant.
- .NET applications: Native TLS 1.2 support requires the .NET framework to be at 4.7 or higher.
Note: If you wish to use framework versions 4.6 or 4.5, you must configure security protocols to Tls1.2 before establishing a connection to Zenoti System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls.
- Browsers: Ensure that your browser supports TLS 1.2.
See the list of browsers and versions that support TLS 1.2.
- Zenoti Biometric Application: Ensure that your Biometric Application that you are using for Clock in and Clock out is on the latest version of the Biometric software.
Learn how you can install the latest version of the biometric software.