Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two applications that communicate. It is the most widely used security protocol for web browsers and other applications that require secure data exchange over a network. Through encryption and endpoint-identity verification, TLS ensures that a connection to a remote endpoint is indeed the intended endpoint.

Over time, many TLS 1.1 vulnerabilities have been uncovered and exploited by attackers. Therefore, TLS 1.1 is no longer considered a secure protocol. TLS 1.2 is now the minimum appropriate transport protocol, and TLS 1.3 is strongly recommended.

Version 2.1 of the OneSpan Sign works only with TLS 1.2.

Security and trust are at the heart of OneSpan Sign's business. To align with industry best practices, we have therefore dropped support for TLS 1.1 (we dropped support for TLS 1.0 in 2018).

TLS 1.1 will be disabled in OneSpan Sign's environments on the following dates:

  • Sandbox: March 20 to May 11, 2020
  • Production: June 2 to June 16, 2020

Once OneSpan Sign has disabled TLS 1.1, customers who use that protocol will no longer be able to access OneSpan Sign's e-signature services.

Accordingly, before those dates you should transition your environment to drop TLS 1.1 and enable support for TLS 1.2 or 1.3. You can achieve this by upgrading to the latest Java or .NET environment (and, if you are running an older Microsoft Windows version, by applying the necessary service packs).

To avoid last-minute problems that could disrupt your service, we encourage you to make this upgrade as soon as possible.

For further information, please consult the following articles:

Browser Compatibilty

To ensure that your internet browsers are compatible with the supported versions of TLS please consult this page.

Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two applications that communicate. It is the most widely used security protocol for web browsers and other applications that require secure data exchange over a network. Through encryption and endpoint-identity verification, TLS ensures that a connection to a remote endpoint is indeed the intended endpoint.

Over time, many TLS 1.0 vulnerabilities have been uncovered and exploited by attackers. Therefore, TLS 1.0 is no longer considered a secure protocol. TLS 1.1 is now the minimum appropriate transport protocol, and TLS 1.2 is strongly recommended.

Version 2.1 of the OneSpan Sign works only with TLS 1.2.

Security and trust are at the heart of OneSpan Sign's business. To align with industry best practices, we have therefore dropped support for TLS 1.0. The following table specifies the dates on which TLS 1.0 was disabled in various OneSpan Sign environments:

  U.S. (10.x) U.S. (11.x) Canada Europe Australia
Sandbox 4 June 2018 4 June 2018 4 June 2018 N/A N/A
Production 10 Sept. 2018 10 Sept. 2018 10 Sept. 2018 10 Sept. 2018 10 Sept. 2018

Since OneSpan Sign has disabled TLS 1.0, customers who use that protocol are no longer able to access OneSpan Sign's e-signature services.

Accordingly, you should already have transitioned your environment to drop TLS 1.0 and enable support for TLS 1.1 or 1.2. You can achieve this by upgrading to the latest Java or .NET environment (and, if you are running an older Microsoft Windows version, by applying the necessary service packs).

For further information, please consult the following articles: