- 1 Executive Summary
- 2 Does this apply to me and my desktop or laptop?
- 3 Upgrading your integration software
Please upgrade your Glance users’ clients and your software to integrate your systems with Glance’s APIs to use TLSv1.2. To protect your privacy and your customers’ privacy, Glance will discontinue the use of TLS1.0 on May 1st, 2019.
What is this about?
It is a technical detail about how Glance (and other web applications and web properties) keep your information–and your customers’ information–private and intact on the internet. It’s a detail, but it’s important.
When you access Glance with a web browser, you use the https: prefix on web addresses; for example, you can log in to Glance by visiting https://www.glance.net/login. The https: prefix causes your web browser and our servers to exchange encrypted information over the internet connection between them. The same happens when you use your integration software and our servers to exchange information.
Encryption uses a protocol standard known as Transport Layer Security (TLS), which has several versions. As of October 2018, the available versions are TLSv1.2, TLSv1.1, and TLSv1.0 (TLSv1.3 is starting to become available, and Glance will add support for it when it’s ready). TLS provides both privacy and data integrity.
Glance already accepts TLSv1.2 and TLSv1.1 connections, and most customers already use TLSv1.2. TLSv1.0 is the oldest version of the standard, and it is less secure than newer versions. So, Glance is disabling it in favor of TLSv1.2 or TLSv1.1. We are doing this in an effort to maintain the highest security standards, promoting the safety of your data.
Does this apply to me and my desktop or laptop?
Glance Panorama for Windows
If you use Glance Panorama for Windows, this does apply to you. You should upgrade your version of Glance Panorama for Windows for 4.3.2 or later.
To check which version of Panorama you have:
- Right click on the G icon in your taskbar or notification icons panel.
- In the panel that pops up, click the gear in the top right corner
- Click Advanced. You will see “Panorama Version n.n.n.n” That’s your version number.
If you cannot upgrade Panorama: the other option is to enable the Windows operating system on your machine to use up-to-date TLS. To do that, please apply these settings using regedit.
Windows Registry Editor Version 5.00
If you have many Glance Panorama users on a Windows Domain, you can deploy this registry change to them all via the Group Policy Manager. See this Microsoft post.
If you try to use an older version of Glance Panorama after we disable TLSv1.0, you will see an error message like this:
Glance 2.x Client
2.x versions of Glance support up-to-date TLS. We send you messages when you log in to Glance on your computer encouraging you to upgrade to a more recent version when they are available.
Older versions of Windows
If you, or your customers, use Microsoft Windows Vista, Windows XP or earlier versions of that operating system, they will not connect to Glance after we disable TLSv1.0. For your security and your customers’ security, we strongly encourage you to upgrade your operating system.
If you only use your browser to access Glance, in most cases this TLS problem does not apply to you. You don’t have to worry about it. If your users and your customers use up-to-date operating systems and web browsers, you are already using the secure versions: TLSv1.2 or TLSv1.1. Modern operating systems and web browsers do this for you behind the scenes.
What browsers just work?
The good news is that most up-to-date browsers and operating systems just work. If you use Salesforce.com, Zendesk, or Microsoft Azure, you can be sure your browser supports up-to-date TLS. Many online services require it.
All recent Firefox, Google Chrome, and Microsoft Edge browsers automatically use it.
Microsoft Internet Explorer version 11 automatically uses it.
Apple Safari for MacOS has supported up-to-date TLS since Safari version 7, which was first available on MacOS 10.9.5 (Mavericks).
Apple Safari for iOS has supported up-to-date TLS since iOS version 5.
Android browsers updated since August 2016 support up-to-date TLS.
What browsers don’t work?
Microsoft Internet Explorer version 9 and before cannot use up-to-date TLS. If you or your customers use those browsers, they will not connect to Glance after we disable TLSv1.0. Please either upgrade your Internet Explorer to version 11, or switch to using Google Chrome or Firefox. And, please encourage your customers to do the same.
Internet Explorer version 10 has a setting to allow up-to-date TLS. You can set it by downloading and running an Easy Fix program from Microsoft, here.
What if I’m not sure about my browser?
If you visit https://ww2.glance.net/ and see the web page, your browser supports up-to-date TLS.
SSL Labs by Qualys offers a web page to test your browser, at this address.
The top box on that page describes your browser’s protocol support. If you see the words “Your user agent has good protocol support” in green, you’re in good shape. If not, please upgrade your browser, or download and install Google Chrome or Firefox.
Upgrading your integration software
If your company integrates with Glance APIs using any software applications on servers, please ensure they use TLSv1.2. If your applications do not support up-to-date TLS, your integrations to our APIs will be disrupted when we discontinue TLSv1.0 support.
If you are not sure whether your company integrates with Glance APIs, please show this note to your department’s technical lead for your work with Glance.
Windows Server 2012 R2 and Windows 8.1 or higher use up-to-date TLS. If your integration software runs on such a machine, you need make no changes.
Windows Server 2008 R2 and Windows 7 or higher use up-to-date TLS if Internet Explorer 11 is installed. If your integration software runs on such a machine, ensure IE11 is installed.
Windows Server 2008 and below, and Windows Vista and below, cannot support up-to-date TLS. If your integration software runs on such a machine, you must upgrade the machine or migrate your software.
Microsoft dotNET Framework
If your integration uses Microsoft’s dotNET Framework, the easiest way to update your software is to upgrade it to use Framework version 4.6 or higher.
If you must continuing using Framework version 4.5, you can also enable up-to-date TLS by setting certain registry keys on Windows operating system machines. Apply these registry changes.
Windows Registry Editor Version 5.00
If your integration uses Java, please update to Version 8. If you can’t update to Version 8, please consult Java’s technical documentation for instructions on enabling up-to-date TLS.
You must upgrade your Python installation to version 2.7.9 or later to enable up-to-date TLS.
Version 1.0.0 of OpenSSL is required on the machine hosting your integration software to enable up-to-date TLS.
If you run PERL on Windows, see the section above called “Windows (WinInet).”
If you run it on Linux or a BSD variant, see the section above called “OpenSSL.”