Avalara will stop providing support for TLS versions 1.0 and 1.1. To ensure a seamless and secure experience, Avalara will support only TLS 1.2 moving forward. Read on for details regarding system vulnerabilities and important dates relating to the changes in support.

What is TLS?

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. TLS is the successor to the now deprecated Secure Sockets Layer (SSL) as a means of securing data exchanged between parties online.

Like any other software in use today, TLS relies on regular updates to remain viable and to mitigate vulnerabilities in the face of nefarious actors. The most current version of the technology is TLS 1.2.

Disabling TLS 1.0 and TLS 1.1 is a very common industry approach, as documented in the NSA datasheet below. TLS is a communication protocol that many technical specialists are familiar with, so the rationale behind Avalara disabling these versions should not come as a surprise to customers and should be expected.

For additional context please see the National Security Agency’s (NSA) Cybersecurity Information datasheet.

Avalara TLS 1.2 Service Changes

Effective 15 December 2021, Avalara will support only the secure Transport Layer Security (TLS) 1.2 connection in Sandbox accounts. All Avalara AvaTax for Communications SaaS REST and SOAP customers, Geo customers, and SaaS Standard customers must upgrade their Sandbox accounts from TLS 1.0 and TLS 1.1 to TLS 1.2 before 15 December 2021. Failing to upgrade will affect the access and connection to your Avalara account.

Effective 15 January 2022, Avalara will support only the secure Transport Layer Security (TLS) 1.2 connection in Production accounts. All Avalara AvaTax for Communications SaaS REST and SOAP customers, Geo customers, and SaaS Standard customers must upgrade their Production accounts from TLS 1.0 and TLS 1.1 to TLS 1.2 before 15 January 2022. Failing to upgrade will affect the access and connection to your Avalara account.

Important Dates for Avalara TLS 1.2 Cutover

As Avalara continues to improve our security protocols, we will no longer support TLS 1.0 and 1.1 in our REST v2 API as of March 30, 2022. Continued use of TLS 1.0 and 1.1 poses a security risk, and these protocols will no longer be supported.

Clients using these versions are expected to upgrade to support our new standards of TLS 1.2.

This deprecation will affect non-browser software, APIs and other internet infrastructure, so partners and customers who are not yet using TLS 1.2 should plan accordingly.

This change will take effect in our REST v2 API on the following dates:

Sandbox: Feb 1, 2022

Production: March 30, 2022

What Do You Need to Do as an Avalara User?

Avalara’s connectors are equipped to auto-negotiate using TLS. You don’t need to change anything in your systems to use a TLS connector.

NOTE: Apple, Google, Microsoft and Mozilla will disable Transport Layer Security (TLS) 1.0 and 1.1 support in their respective browsers in the first half of 2020.

    • The primary AvaTax endpoint supports TLS 1.2, 1.1, and 1.0 (1.1 and 1.0 until deprecation in first half of 2020).
    • If your connector supports TLS 1.2, it should be able to negotiate the security protocol without any issues. Please use TLS 1.2 as your default.

What happens on March 31, 2022?

Avalara will discontinue support for Transport Layer Security (TLS) versions 1.0 and 1.1 on our Production RESTv2 API endpoint on 3/31/2022.

What about the older SOAP and RESTv1 API endpoints?

Avalara will continue to support TLS 1.0 and 1.1 in SOAP and REST v1 endpoints until 12/31/22. It is strongly recommended that partners still using these legacy APIs refactor to Avalara’s REST v2 API as soon as possible. To assist with this transition, Avalara has published a Refactor Guide to provide details on moving existing supported software to Avalara’s RESTv2 API.

A general customer communication was sent out on 1/6/22, and that information is posted here.

If you have any questions or concerns regarding this update, please submit a Partner Support Case using the following process:

  • If you have access to an AvaTax account, please follow these instructions. Enter “Partner support” and a description in the Subject.
  • Don’t have access to an AvaTax account? Submit a case here. Include ‘Partner support’ in the ‘What issue are you experiencing?’ field. (Important: Leave the field “Which product are you using” as “None.”)

Avalara has identified the most at-risk partner integrations running on legacy SOAP APIs and SDKs and will be reaching out to impacted partners with specific recommendations to get these integrations TLS 1.2-compliant.

In support of the technical specialists receiving this correspondence please see the table below, which provides SDK-specific details.

SDK Language / Framework: C# .NET
  • Minimum Client Version for TLS 1.2 Support: Preferred .NET Framework >= 4.7 (TLS 1.2 is default). Supported in 4.6.2, 4.6.1, 4.5 with service updates, but 1.1 is default. Preferred .NET Standard version > 2.0 (TLS 1.2 is default). Supported in .NET Standard version 1.6 and 2.0 (TLS 1.1 is default).
  • Notes: Preferred .NET Framework >= 4.7 / .NET Core >= 2.1 (with default TLS 1.2). For other .NET versions, registry changes (/ Windows update) are required to support TLS 1.2: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
  • Current SDK TLS 1.2 Status: SUPPORTED

SDK Language / Framework: Java / Scala / JRE
  • Minimum Client Version for TLS 1.2 Support: Java 8 recommended. Java 7 must explicitly enable TLS 1.2. Java 6 supports TLS 1.2 in versions 6u115 b32 and above. Scala 2.13.4 recommended. 2.12.12 is acceptable. These versions are only compatible with Java 8+.
  • Notes: Java 8 recommended (with default TLS 1.2). Recommended Instructions to enable TLS 1.2 in Java 7 and Java 6.
  • Current SDK TLS 1.2 Status: SUPPORTED

SDK Language / Framework: JavaScript
  • Minimum Client Version for TLS 1.2 Support: Node12 recommended. It supports OpenSSL 1.1.1, which supports TLS 1.2. Node12 also supports TLS 1.3 and will be maintained until 2022.
  • Notes: Node12 and above recommended (EOL 04/2022).
  • Current SDK TLS 1.2 Status: SUPPORTED

SDK Language / Framework: Python
  • Minimum Client Version for TLS 1.2 Support: Behavior for Python 2.7 and 3.x is platform dependent, since calls are made to the operating system socket APIs. Both Python versions default to the highest available TLS versions. The installed version of OpenSSL may also cause variations in behavior. For example, TLSv1.1 and TLSv1.2 come with OpenSSL version 1.0.1. Recommended v3.6+, minimum 2.7. The Python community has rejected <TLS 1.2 for several years. Developers must update to TLS 1.2+ compatible versions to download/update Python packages from PyPI. It’s possible to enforce TLS 1.2+ connections by modifying the request package.
  • Notes: Recommended v3.6+. Recommended OpenSSL version 1.0.1 or higher.
  • Current SDK TLS 1.2 Status: SUPPORTED

SDK Language / Framework: PHP
  • Minimum Client Version for TLS 1.2 Support: Depends on curl & OpenSSL (v1.0.1) version of the system. OpenSSL v1.0.1 and above support TLS 1.2. Recommended PHP 5.6+. It uses CURL for making API calls and supports CURL version 7.34.0, which has default support for TLS 1.2. PHP 5.5.19 appears to be min version. PHP 5.7 defaults to TLS 1.3.
  • Notes: Recommended PHP 5.6+. Recommended OpenSSL version 1.0.1 or higher. Recommended cURL version 7.34.0 or higher.
  • Current SDK TLS 1.2 Status: SUPPORTED

SDK Language / Framework: Ruby
  • Minimum Client Version for TLS 1.2 Support: Depends on curl & OpenSSL (v1.0.1) version of the system. OpenSSL v1.0.1 and above support TLS 1.2. Ruby 2+, ensure version of OpenSSL is 1.0.2 or greater, which supports TLS 1.2. Ruby version not strictly enforced currently.
  • Notes: Recommended Ruby 2+. Recommended OpenSSL version 1.0.1 or higher. Recommended cURL version 7.34.0 or higher.
  • Current SDK TLS 1.2 Status: SUPPORTED
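An offline check for the Python guidance above, as an added example that is not Avalara's or Encompass's code: it pins a client context to TLS 1.2 as the minimum, then parses the ClientHello that context would send to confirm no older protocol version is offered. The host name example.invalid is a placeholder and no network connection is made.

```python
import ssl
import struct

TLS1_2 = 0x0303  # wire value for TLS 1.2; TLS 1.3 is 0x0304

def tls12_client_context() -> ssl.SSLContext:
    """Client context that refuses to negotiate anything older than TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def offered_versions(ctx: ssl.SSLContext) -> list:
    """Return the protocol versions in the ClientHello that ctx would send."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # example.invalid is a placeholder name; the handshake never leaves memory.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is queued and no server answers
    hello = outgoing.read()
    if len(hello) < 44 or hello[0] != 0x16 or hello[5] != 0x01:
        raise ValueError("expected a handshake record carrying a ClientHello")
    pos = 9  # skip 5-byte record header and 4-byte handshake header
    legacy_version = struct.unpack_from("!H", hello, pos)[0]
    pos += 2 + 32  # legacy_version + random
    pos += 1 + hello[pos]  # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]  # cipher_suites
    pos += 1 + hello[pos]  # compression_methods
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        pos += 4
        if ext_type == 43:  # supported_versions: 1-byte length, 2 bytes each
            body = hello[pos + 1 : pos + 1 + hello[pos]]
            return [v for (v,) in struct.iter_unpack("!H", body)]
        pos += ext_len
    return [legacy_version]  # no extension: legacy_version is the highest offered

if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION, "| TLS 1.2 available:", ssl.HAS_TLSv1_2)
    versions = offered_versions(tls12_client_context())
    print("offered:", [hex(v) for v in versions])
    print("older than TLS 1.2 offered:", any(v < TLS1_2 for v in versions))
```

Run the same parser against the context your integration actually uses to see whether the installed Python and OpenSSL build would still offer TLS 1.0 or 1.1.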

As a certified Avalara integration partner, Encompass can help you manage the maintenance of your Avalara solution and unique business processes. For more information on our partner Avalara and Encompass support services, reach out using the contact us button below.

About Encompass Solutions

Encompass Solutions is a business and software consulting firm that specializes in ERP systems, EDI, and Managed Services support for Manufacturers. Serving small and medium-sized businesses since 2001, Encompass modernizes operations and automates processes for hundreds of customers across the globe. Whether undertaking full-scale implementation, integration, and renovation of existing systems, Encompass provides a specialized approach to every client’s needs. By identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of Industry.


With so much news and industry coverage concerning information security challenges, the topic is one that is never far from people’s minds. This is especially true when sensitive financial information is being exchanged between systems. Maintaining the latest version of security tools in conjunction with these actions is essential not only for your customers’ peace of mind, but your company’s ability to maintain their confidence. TLS is one of the defining security protocols that make secure data transfer, and by proxy internet commerce, possible. Here’s a bit more background on the subject and why you should be considering making the latest upgrades to your system in order to be in compliance.

Transport Layer Security (TLS)

Transport Layer Security and HTTPS both work in tandem to encrypt the data being sent back and forth between customers and payment service providers such as credit card companies and digital wallets like PayPal.

Experiencing issues with payment processing? Upgrade your POS/PMS solution today and ensure you meet today’s Payment Card Industry Data Security Standards (PCI DSS) using TLS, and are able to process credit card payment without interruption. Not sure how to go about it? Contact Encompass Solutions experts to get your system up-to-date.

Using PayPal as an example, the payment service provider made a service-wide upgrade to TLS 1.2 just last month. The upgrade made it mandatory for businesses using the service to maintain the same version in order to process payment transactions. This means support for TLS 1.0 and 1.1 has been discontinued, and businesses still on those versions will find they can no longer use PayPal for payments and order processing.

On the client side, all it takes is a properly updated browser to ensure the latest TLS protocols are in place. Here is a breakdown of which browsers and their versions are following the latest TLS protocols:

On the provider side, things get trickier. Encompass works with many manufacturers utilizing Epicor ERP software, so we’ll use this as an example. However, any similar software or ERP platforms your business operates on will likely utilize the same protocols to protect electronic data exchanges. Therefore, the practical application remains the same. Businesses operating on legacy versions of the Epicor ERP platform, primarily those on 8.3 and prior, are most significantly impacted. With many of these businesses so far behind on technology, they’re quickly realizing the true cost of waiting until the problem is upon them, rather than staying ahead of the curve with regular updates. That’s why it’s so important to maintain a recent version of Epicor, and of any other ERP product.

You may think that a current SSL certificate is enough, but this only addresses security when it comes to incoming web traffic to your server. You need an up-to-date protocol in place that addresses the connections your server is making to other services, such as credit card and other payment services providers.

Get Up To Speed And Avoid Downtime

To begin, take a good look at your Epicor ERP system. Is it version 10.X or above? That’s a tremendous step when it comes to ensuring you’re following alongside modern security standards. Maintaining the most up-to-date version of Epicor will ensure your operations are never compromised by changing industry standards. You’ll always be caught up with industry standards as long as you’ve got your business running on the latest version of Epicor.

If that’s not the case and you’re on an older version of Epicor, you may find your business quickly being outpaced by an industry in line with every effort to maintain the most modern standards of technology and security. Because industry and commerce are constantly at odds with malicious activity in a digital landscape, it’s important to maintain a framework that addresses those potential risks and places adequate security to obstruct their path.

About Encompass Solutions

Encompass Solutions, Inc. is an ERP consulting firm and Epicor Platinum Partner that offers professional services in business consulting, project management, and software implementation. Whether undertaking full-scale implementation, integration, and renovation of existing systems or addressing the emerging challenges in corporate and operational growth, Encompass provides a specialized approach to every client’s needs. As experts in identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of Industry.