Glance TLS v1.0 Support

Executive Summary

Please upgrade your Glance users’ clients and your software to integrate your systems with Glance’s APIs to use TLSv1.2. To protect your privacy and your customers’ privacy, Glance discontinued the use of TLS1.0 on May 1st, 2019.

What is this about?

It is a technical detail about how Glance (and other web applications and web properties) keep your information–and your customers’ information–private and intact on the internet. It’s a detail, but it’s important.

When you access Glance with a web browser, you use the https: prefix on web addresses; for example, you can log in to Glance by visiting https://www.glance.net/login. The https: prefix causes your web browser and our servers to exchange encrypted information over the internet connection between them. The same happens when you use your integration software and our servers to exchange information.

Encryption uses a protocol standard known as Transport Layer Security (TLS), which has several versions. As of October 2018, the available versions are TLSv1.2, TLSv1.1, and TLSv1.0 (TLSv1.3 is starting to become available, and Glance will add support for it when it’s ready). TLS provides both privacy and data integrity.

Glance already accepts TLSv1.2 and TLSv1.1 connections, and most customers already use TLSv1.2. TLSv1.0 is the oldest version of the standard, and it is less secure than newer versions. So, Glance is disabling it in favor of TLSv1.2 or TLSv1.1. We are doing this in an effort to maintain the highest security standards, promoting the safety of your data.

Does this apply to me and my desktop or laptop?

Glance Client (formerly Panorama) for Windows

If you use the Glance Client for Windows, this does apply to you. You should upgrade your version of the Glance Client for Windows for 4.3.2 or later.

To check which version of the Glance Client you have:

  1. Right click on the Glance icon in your taskbar or notification icons panel.
  2. In the panel that pops up, click the gear in the top right corner
  3. Click Advanced. You will see “Version n.n.n.n” That’s your version number.

If you cannot upgrade the Client: the other option is to enable the Windows operating system on your machine to use up-to-date TLS. To do that, please apply these settings using regedit.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

If you have many Glance Client users on a Windows Domain, you can deploy this registry change to them all via the Group Policy Manager. See this Microsoft post.

If you try to use an older version of the Glance Client, you will see an error message like this: "Error looking for session".

Glance 2.x Client

2.x versions of Glance support up-to-date TLS. We send you messages when you log in to Glance on your computer encouraging you to upgrade to a more recent version when they are available.

Older versions of Windows

If you, or your customers, use Microsoft Windows Vista, Windows XP or earlier versions of that operating system, they will not connect to Glance. For your security and your customers’ security, we strongly encourage you to upgrade your operating system.

Browsers

If you only use your browser to access Glance, in most cases this TLS problem does not apply to you. You don’t have to worry about it. If your users and your customers use up-to-date operating systems and web browsers, you are already using the secure versions: TLSv1.2 or TLSv1.1. Modern operating systems and web browsers do this for you behind the scenes.

What browsers just work?

The good news is that most up-to-date browsers and operating systems just work. If you use Salesforce.com, Zendesk, or Microsoft Azure, you can be sure your browser supports up-to-date TLS. Many online services require it.

All recent Firefox, Google Chrome, and Microsoft Edge browsers automatically use it.

Microsoft Internet Explorer version 11 automatically uses it.

Apple Safari for MacOS has supported up-to-date TLS since Safari version 7, which was first available on MacOS 10.9.5 (Mavericks).

Apple Safari for iOS has supported up-to-date TLS since iOS version 5.

Android browsers updated since August 2016 support up-to-date TLS.

What browsers don’t work?

Microsoft Internet Explorer version 9 and before cannot use up-to-date TLS. If you or your customers use those browsers, they will not connect to Glance. Please either upgrade your Internet Explorer to version 11, or switch to using Google Chrome or Firefox. And, please encourage your customers to do the same.

Internet Explorer version 10 has a setting to allow up-to-date TLS. You can set it by downloading and running an Easy Fix program from Microsoft, here.

What does an error look like?

If you are using an older version of Internet Explorer on Windows 7, your browser may look like this: A TLS error message.

To update your TLS settings in your Internet Explorer browser:

  1. Go to Tools and select Internet options.
  2. From the Advanced tab, scroll to the bottom of the options.
  3. If selected, clear the checkbox for Use TLS 1.0.
  4. Select Use TLS 1.2. A TLS error message.
  5. Click Apply.
  6. Click OK.
  7. Close and reopen your browser.

What if I’m not sure about my browser?

If you visit https://ww2.glance.net/ and see the web page, your browser supports up-to-date TLS.

SSL Labs by Qualys offers a web page to test your browser, at this address.

https://www.ssllabs.com/ssltest/viewMyClient.html

The top box on that page describes your browser’s protocol support. If you see the words “Your user agent has good protocol support” in green, you’re in good shape. If not, please upgrade your browser, or download and install Google Chrome or Firefox.

Upgrading your integration software

If your company integrates with Glance APIs using any software applications on servers, please ensure they use TLSv1.2. If your applications do not support up-to-date TLS, your integrations to our APIs will be disrupted when we discontinue TLSv1.0 support.

If you are not sure whether your company integrates with Glance APIs, please show this note to your department’s technical lead for your work with Glance.

Windows (WinInet)

Windows Server 2012 R2 and Windows 8.1 or higher use up-to-date TLS. If your integration software runs on such a machine, you need make no changes.

Windows Server 2008 R2 and Windows 7 or higher use up-to-date TLS if Internet Explorer 11 is installed. If your integration software runs on such a machine, ensure IE11 is installed.

Windows Server 2008 and below, and Windows Vista and below, cannot support up-to-date TLS. If your integration software runs on such a machine, you must upgrade the machine or migrate your software.

Microsoft .NET Framework

If your integration uses Microsoft’s .NET Framework, the easiest way to update your software is to upgrade it to use Framework version 4.6 or higher.

If you must continuing using Framework version 4.5, you can also enable up-to-date TLS by setting certain registry keys on Windows operating system machines. Apply these registry changes.

C

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

Java

If your integration uses Java, please update to Version 8. If you can’t update to Version 8, please consult Java’s technical documentation for instructions on enabling up-to-date TLS.

Python

You must upgrade your Python installation to version 2.7.9 or later to enable up-to-date TLS.

OpenSSL

Version 1.0.0 of OpenSSL is required on the machine hosting your integration software to enable up-to-date TLS.

PERL

If you run PERL on Windows, see the section above called “Windows (WinInet).”

If you run it on Linux or a BSD variant, see the section above called “OpenSSL.”

By continuing to use the site, you agree to the use of cookies. Learn More