As explained in our previous post, Security Enhancement: Enforcing SSL on api.datasift.com, DataSift will be introducing some security enhancements around the use of SSL on the DataSift platform.
This post provides some updated timeframes from the aforementioned post.
March 1st, 2016
We will be changing our load-balancing configuration for app.datasift.com and api.datasift.com. The intention is that this has no impact on our customers. The only visible changes should be:
- DNS will resolve to different IPs:
- New SSL certificate
- Minor changes to HTTP headers, none that should impact service
Crucially, HTTPS will not be mandatory, and SSLv3 will still be supported for HTTPS connections.
May 3rd, 2016
- We will mandate TLSv1.2 for all SSL connections on app.datasift.com. SSLv3 and TLSv1.0 will not be supported
- HTTP will still be supported
July 11th, 2016
- HTTPS will be mandatory for api.datasift.com. All HTTP requests will be denied. Redirects will not be used due to security issues
- All HTTP requests on app.datasift.com will be redirected to HTTPS
Next Phase (Date TBC)
- HSTS to be implemented to protect against protocol downgrade attacks.
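
A pre-flight check for client integrations against the dates above, as an added example (not DataSift code): `audit` predicts how a configured endpoint URL fares on a given date, and `negotiated_version` is a live probe confirming the client can complete a TLSv1.2 handshake. The function names and the sample URLs with placeholder paths are assumptions made for illustration.

```python
import socket
import ssl
from datetime import date
from urllib.parse import urlsplit

# Dates from the timeline above.
APP_TLS12_ONLY = date(2016, 5, 3)   # app.datasift.com mandates TLSv1.2
HTTPS_ENFORCED = date(2016, 7, 11)  # api denies HTTP, app redirects it

def tls12_context():
    """Client context that refuses to negotiate anything below TLSv1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def negotiated_version(host, port=443, timeout=5):
    """Live probe (needs network): handshake with TLSv1.2+ only, return the version."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with tls12_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

def audit(url, client_max_tls, on):
    """Predict what happens to a configured endpoint URL on date `on`."""
    parts = urlsplit(url)
    host, scheme = parts.hostname, parts.scheme
    findings = []
    if scheme == "http" and on >= HTTPS_ENFORCED:
        if host == "api.datasift.com":
            return ["denied: HTTP is rejected and no redirect is issued"]
        if host == "app.datasift.com":
            findings.append("redirected to HTTPS")
            scheme = "https"  # the follow-up request must pass the TLS check too
    if (scheme == "https" and host == "app.datasift.com"
            and on >= APP_TLS12_ONLY
            and client_max_tls < ssl.TLSVersion.TLSv1_2):
        findings.append("handshake fails: TLSv1.2 is required")
    return findings

if __name__ == "__main__":
    # Constructed sample configuration; the paths are placeholders.
    samples = [("http://api.datasift.com/example", ssl.TLSVersion.TLSv1_2),
               ("http://app.datasift.com/example", ssl.TLSVersion.TLSv1),
               ("https://app.datasift.com/example", ssl.TLSVersion.TLSv1_2)]
    for url, max_tls in samples:
        print(url, max_tls.name, audit(url, max_tls, date(2016, 7, 11)))
```

An empty list from `audit` means the endpoint is unaffected on that date; the second sample shows that a plain-HTTP client limited to TLSv1.0 is redirected and then still fails at the handshake.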