Security Upgrade: Tealium Collect Ends Support for TLS 1.0/1.1

TealiumJustin
Community Manager
Community Manager

TLS (Transport Layer Security) is the protocol for establishing secure communication over HTTPS. Due to evolving internet standards, support for the older TLS 1.0 and TLS 1.1 has been deprecated across the major web browsers and TLS 1.2 is now the recommended minimum. 

What is changing?

Update Planned for June 1st, 2021
Tealium has security standards that require our endpoints to use TLS 1.2 and to end support for TLS 1.0/1.1. This also includes ending support for non-secure connections over HTTP.

This update affects the following Tealium Collect endpoints:

  • datacloud.tealiumiq.com
  • collect.tealiumiq.com
  • uconnect.tealiumiq.com

While these endpoints already support TLS 1.2 as a security best practice, they also support TLS 1.0/1.1 for backwards compatibility. This update will end that support for TLS 1.0/1.1.

After June 1, 2021, Tealium Collect will no longer support TLS 1.0/1.1 encryption.

What is the impact?

The impact to users will be minimal since modern browsers already default to using TLS 1.2. According to the Google Security Blog, "only 0.5% of HTTPS connections made by Chrome use TLS 1.0 or 1.1." We estimate the impact to Tealium Collect to be less than 0.1% of all events collected.

Starting June 1, 2021, Tealium Collect endpoints will no longer accept requests from older web browsers and devices that do not support TLS 1.2 (or newer). Similarly, requests to Tealium Collect endpoints using HTTP (non-secure) will result in the response 301 Moved Permanently.

What do I need to do?

In most cases, you won't need to take any action. The default behavior of the Tealium Collect tag and mobile library is not affected. Visitors to your brand site or mobile app that use the default Tealium Collect installation will not be affected.

However, if you have a customized implementation of Tealium Collect that uses a hard-coded HTTP endpoint, then you are affected. Update any HTTP Tealium Collect endpoints to use HTTPS or the default endpoint.

The most common example would be a Tealium Collect tag with the Server field set to a custom URL using http://, as seen here:

tealium-collect-endpoint-override-http.png

Simply update the URL to use https:// and publish the changes.

For mobile apps, if you override the default Tealium Collect endpoint with a custom URL using http:// , then change the URL to use https://.

Additional Resources

 

0 Kudos
Public