Avalara will stop providing support for TLS versions 1.0 and 1.1. To ensure a seamless and secure experience, Avalara will support only TLS 1.2 moving forward. Read on for details regarding system vulnerabilities and important dates relating to the changes in support.

What is TLS?

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. TLS is the successor to the now deprecated Secure Sockets Layer (SSL) as a means of securing data exchanged between parties online.

Like any other software in use today, TLS needs regular updates to stay viable and to mitigate vulnerabilities in the face of nefarious actors. The most current version of the technology is TLS 1.2.

Disabling TLS 1.0 and TLS 1.1 is a very common industry approach, as documented in the NSA datasheet referenced below. TLS is a communication protocol that many technical specialists are familiar with, so the rationale behind Avalara disabling these versions should not come as a surprise to customers.

For additional context please see the National Security Agency’s (NSA) Cybersecurity Information datasheet.

Avalara TLS 1.2 Service Changes

Effective 15 December 2021, Avalara will support only the secure Transport Layer Security (TLS) 1.2 connection in Sandbox accounts. All Avalara AvaTax for Communications SaaS REST and SOAP customers, Geo customers, and SaaS Standard customers must upgrade their Sandbox accounts from TLS 1.0 and TLS 1.1 to TLS 1.2 before 15 December 2021. Failing to upgrade will affect the access and connection to your Avalara account.

Effective 15 January 2022, Avalara will support only the secure Transport Layer Security (TLS) 1.2 connection in Production accounts. All Avalara AvaTax for Communications SaaS REST and SOAP customers, Geo customers, and SaaS Standard customers must upgrade their Production accounts from TLS 1.0 and TLS 1.1 to TLS 1.2 before 15 January 2022. Failing to upgrade will affect the access and connection to your Avalara account.

Important Dates for Avalara TLS 1.2 Cutover

As Avalara continues to improve our security protocols, we will no longer support TLS 1.0 and 1.1 in our REST v2 API as of March 30, 2022. Continued use of TLS 1.0 and 1.1 poses a security risk, and these protocols will no longer be supported.

Clients using these versions are expected to upgrade to support our new standards of TLS 1.2.

This deprecation will affect non-browser software, APIs and other internet infrastructure, so partners and customers who are not yet using TLS 1.2 should plan accordingly.

This change will take effect in our REST v2 API on the following dates:

Sandbox: Feb 1, 2022

Production: March 30, 2022

What Do You Need to Do as an Avalara User?

Avalara’s connectors are equipped to auto-negotiate using TLS.  You don’t need to change anything in your systems in order to use a TLS connector.

NOTE: Apple, Google, Microsoft and Mozilla will disable Transport Layer Security (TLS) 1.0 and 1.1 support in their respective browsers in the first half of 2020.

    • The primary AvaTax endpoint supports TLS 1.2, 1.1, and 1.0 (1.1 and 1.0 until deprecation in first half of 2020).
    • If your connector supports TLS 1.2, it should be able to negotiate the security protocol without any issues. Please use TLS 1.2 as your default.

What happens on March 31, 2022?

Avalara will discontinue support for Transport Layer Security (TLS) versions 1.0 and 1.1 on our Production RESTv2 API endpoint on 3/31/2022.

What about the older SOAP and RESTv1 API endpoints?

Avalara will continue to support TLS 1.0 and 1.1 in SOAP and REST v1 endpoints until 12/31/22. It is strongly recommended that partners still using these legacy APIs refactor to Avalara’s REST v2 API as soon as possible. To assist with this transition, Avalara has published a Refactor Guide to provide details on moving existing supported software to Avalara’s RESTv2 API.

A general customer communication was sent out on 1/6/22, and that information is posted here.

If you have any questions or concerns regarding this update, please submit a Partner Support Case using the following process:

  • If you have access to an AvaTax account, please follow these instructions. Enter “Partner support” and a description in the Subject.
  • Don’t have access to an AvaTax account? Submit a case here. Include ‘Partner support’ in the ‘What issue are you experiencing?’ field. (Important: Leave the field “Which product are you using” as “None.”)

Avalara has identified the most at-risk partner integrations running on legacy SOAP APIs and SDKs and will be reaching out to impacted partners with specific recommendations to get these integrations TLS 1.2-compliant.

In support of the technical specialists receiving this correspondence, please see the table below, which provides SDK-specific details.

SDK Language / Framework: C# .NET

    • Minimum Client Version for TLS 1.2 Support: Preferred .NET framework >= 4.7 (TLS 1.2 is default). Supported in 4.6.2, 4.6.1, 4.5 with service updates, but 1.1 is default. Preferred .NET standard version > 2.0 (TLS 1.2 is default). Supported in .NET standard version 1.6 and 2.0 (TLS 1.1 is default).
    • Notes: Preferred .NET framework >= 4.7 / .Net Core >= 2.1 (with default TLS1.2). For other .NET version, registry changes (/ Windows update) are required to support TLS 1.2: (https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls)
    • Current SDK TLS 1.2 Status: SUPPORTED

SDK Language / Framework: Java / Scala / JRE

    • Minimum Client Version for TLS 1.2 Support: Java 8 recommended. Java 7 must explicitly enable TLS 1.2. Java 6 supports TLS 1.2 in versions 6u115 b32 and above. Scala 2.13.4 recommended. 2.12.12 is acceptable. These versions are only compatible with Java 8+.
    • Notes: Java 8 recommended (with default TLS1.2). Recommended Instructions to enable TLS1.2 in Java 7 and Java 6
    • Current SDK TLS 1.2 Status: SUPPORTED

SDK Language / Framework: JavaScript

    • Minimum Client Version for TLS 1.2 Support: Node12 recommended. It supports OpenSSL 1.1.1, which supports TLS 1.2. Node12 also supports TLS 1.3 and will be maintained until 2022.
    • Notes: Node12 and above recommended (EOL 04/2022)
    • Current SDK TLS 1.2 Status: SUPPORTED

SDK Language / Framework: Python

    • Minimum Client Version for TLS 1.2 Support: Behavior for Python 2.7 and 3.x is platform dependent, since calls are made to the operating system socket APIs. Both Python versions default to the highest available TLS versions. The installed version of OpenSSL may also cause variations in behavior. For example, TLSv1.1 and TLSv1.2 come with OpenSSL version 1.0.1. Recommended v3.6+, minimum 2.7. The Python community has rejected <TLS 1.2 for several years. Developers must update to TLS 1.2+ compatible versions to download/update Python packages from PyPI. It’s possible to enforce TLS1.2+ connects through modifying the request package.
    • Notes: Recommended v3.6+. Recommended OpenSSL version 1.0.1 or higher.
    • Current SDK TLS 1.2 Status: SUPPORTED

SDK Language / Framework: PHP

    • Minimum Client Version for TLS 1.2 Support: Depends on curl & OpenSSL (v1.0.1) version of the system. OpenSSL v1.0.1 and above support TLS 1.2. Recommended PHP 5.6+. It uses CURL for making API calls and supports CURL version 7.34.0, which has default support for TLS 1.2. PHP 5.5.19 appears to be min version. PHP 5.7 defaults to TLS 1.3.
    • Notes: Recommended PHP 5.6+. Recommended OpenSSL version 1.0.1 or higher. Recommended cURL version 7.34.0 or higher.
    • Current SDK TLS 1.2 Status: SUPPORTED

SDK Language / Framework: Ruby

    • Minimum Client Version for TLS 1.2 Support: Depends on curl & OpenSSL (v1.0.1) version of the system. OpenSSL v1.0.1 and above support TLS 1.2. Ruby 2+, ensure version of OpenSSL is 1.0.2 or greater, which supports TLS 1.2. Ruby version not strictly enforced currently.
    • Notes: Recommended Ruby 2+. Recommended OpenSSL version 1.0.1 or higher. Recommended cURL version 7.34.0 or higher.
    • Current SDK TLS 1.2 Status: SUPPORTED
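
The Python details above say that behavior depends on the platform's OpenSSL and that TLS 1.2+ can be enforced on the client side. The following is an added example, not Avalara's or Encompass's code: it uses only the standard-library ssl module (rather than the request package mentioned above) to check the runtime, build a client context that refuses TLS 1.0/1.1, and audit an existing context. The function names are illustrative, and the host passed to negotiated_version is whatever endpoint you have been given.

```python
import socket
import ssl

MIN_OPENSSL = (1, 0, 1)  # per the table: TLS 1.1/1.2 arrived with OpenSSL 1.0.1


def tls12_readiness():
    """Summarise whether this interpreter's TLS library can speak TLS 1.2."""
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "openssl_ok": ssl.OPENSSL_VERSION_INFO[:3] >= MIN_OPENSSL,
        "tls12_available": ssl.HAS_TLSv1_2,
    }


def strict_client_context():
    """Client context that verifies certificates and refuses TLS 1.0/1.1."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def legacy_versions_allowed(ctx):
    """List the deprecated versions a context's own settings still permit.

    TLSVersion.MINIMUM_SUPPORTED is a negative sentinel, so it compares
    below every real version and correctly counts as "no floor set".
    """
    legacy = (
        ("TLSv1", ssl.TLSVersion.TLSv1, ssl.OP_NO_TLSv1),
        ("TLSv1.1", ssl.TLSVersion.TLSv1_1, ssl.OP_NO_TLSv1_1),
    )
    return [name for name, version, off_flag in legacy
            if ctx.minimum_version <= version and not ctx.options & off_flag]


def negotiated_version(host, port=443, timeout=5.0):
    """Connect with the strict context and return e.g. 'TLSv1.2'.

    Raises ssl.SSLError if the peer cannot negotiate TLS 1.2 or newer.
    """
    ctx = strict_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()
```

legacy_versions_allowed inspects the context's own settings only; the system OpenSSL configuration can still impose a higher floor at handshake time.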

As a certified Avalara integration partner, Encompass can help you manage the maintenance of your Avalara solution and unique business processes. For more information on our partner Avalara and Encompass support services, reach out using the contact us button below.

About Encompass Solutions

Encompass Solutions is a business and software consulting firm that specializes in ERP systems, EDI, and Managed Services support for Manufacturers. Serving small and medium-sized businesses since 2001, Encompass modernizes operations and automates processes for hundreds of customers across the globe. Whether undertaking full-scale implementation, integration, and renovation of existing systems, Encompass provides a specialized approach to every client’s needs. By identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of Industry.