Security Update on Transport Layer Security 1.0 and 1.1 Deprecation

Looking Out for Our Team, Customers, and Community

Today we announce our intent to disable Backblaze B2 Cloud Storage support for
Transport Layer Security (TLS) versions 1.0 and 1.1, effective April 9, 2021, because of vulnerabilities that can potentially be exploited with these older versions. We’ll continue to support TLS 1.2 and 1.3 with their stronger cryptography.

This move likely won’t come as a big surprise given that a number of technology companies including Apple, Microsoft, and Mozilla have done likewise. Several prominent, security-minded industry groups have also previously mandated deprecation of the older TLS versions given the sensitivity of their data.

For the very small fraction of B2 Cloud Storage customers who find themselves affected by this action, you’ll want to visit your web browser’s advanced settings to make sure you’re using a newer TLS version—they all support TLS > 1.2. And if you’re transmitting data to the Backblaze Storage Cloud via one of our software integration partners, you’ll want to make sure you’re using the latest version of their software too because they also support newer TLS versions.

This is one of those “sorry not sorry” situations: we regret that this action will cause a brief inconvenience for a small subset of users, yet we know that this is the fundamentally right thing to do when the security of your precious data is paramount.

Why now? Deprecation planning was already underway, but we opted to accelerate the timeline to better align with recent 2021 National Security Agency Cybersecurity Information guidance. This report emphatically recommends only the newer TLS 1.2 and 1.3 be used given their more robust protections.

Of course, if you have any questions or need some help with this, don’t hesitate to comment below or reach out to our Support team.


About Jeremy Milk

Jeremy Milk is a storybuilder who heads the Backblaze Product Marketing team. He's spent more than two decades honing his craft in product and consumer goods marketing leadership roles at companies including Intuit, WePay (acquired by JPMorgan Chase), and The Clorox Company. Outside the office, he can often be found near a soccer field, on a running trail, or fueling on coffee and tacos. Follow him on LinkedIn or Twitter.