Today we announce our intent to disable Backblaze B2 Cloud Storage support for Transport Layer Security (TLS) versions 1.0 and 1.1, effective April 9, 2021, because of vulnerabilities that can potentially be exploited with these older versions. We’ll continue to support TLS 1.2 and 1.3 with their stronger cryptography.
This move likely won’t come as a big surprise given that a number of technology companies including Apple, Microsoft, and Mozilla have done likewise. Several prominent, security-minded industry groups have also previously mandated deprecation of the older TLS versions given the sensitivity of their data.
For the very small fraction of B2 Cloud Storage customers who find themselves affected by this action, you’ll want to visit your web browser’s advanced settings to make sure you’re using a newer TLS version—they all support TLS > 1.2. And if you’re transmitting data to the Backblaze Storage Cloud via one of our software integration partners, you’ll want to make sure you’re using the latest version of their software too because they also support newer TLS versions.
This is one of those “sorry not sorry” situations: we regret that this action will cause a brief inconvenience for a small subset of users, yet we know that this is the fundamentally right thing to do when the security of your precious data is paramount.
Why now? Deprecation planning was already underway, but we opted to accelerate the timeline to better align with recent 2021 National Security Agency Cybersecurity Information guidance. This report emphatically recommends only the newer TLS 1.2 and 1.3 be used given their more robust protections.
Of course, if you have any questions or need some help with this, don’t hesitate to comment below or reach out to our Support team.