Notice: Twilio REST API’s TLS and Cipher Suite Security Changes for June 2019

We value the trust you place in us and work diligently to maintain that trust. As part of that commitment, we are deprecating older security protocols that do not meet current industry standards for connecting to our REST API.

Summary

Starting June 26, 2019, our REST API will only support connections that use TLS v1.2 and strong cipher suites. Support for TLS v1.0, v1.1 and weak cipher suites will be removed at that time. Customers running older operating systems or legacy network software may need to upgrade their systems to be compatible with these changes.

Note: This was originally announced May 2018 and postponed from June 2018 to June 2019.

Impact

If you received an email notice from Twilio about this, it is because our logs show your Twilio Project is connecting to our REST API using one of the protocols or cipher suites that will be deprecated in June, 2019. Therefore, action is required on your part to ensure your Twilio service is not interrupted.

Note: Emails titled "Action Required: Twilio REST API Security Changes for June 2019" were sent to Twilio account users who are either Owners, Administrators or Developers for each affected account.
If you did not receive this email notice, then your account is not affected, and no action is required.

Take Action

Using the steps below, we strongly recommend you immediately test your system to determine if it is compatible with the new security requirements. If the test fails, you’ll need to plan for upgrading your system and verifying compatibility between now and June 2019.

Not technical? Send this notice to your developer or IT support team.
Using a 3rd party application to access Twilio? Contact your application provider.

1. TEST

First, check your current system’s compatibility with our test endpoint. Even if you already use the latest Twilio helper library, you still need to test!

Action: Follow our test procedures and use our code snippets to test your system’s compatibility: Monitoring Updates to the Twilio REST API Security Settings.

2. UPGRADE

If you are unable to successfully connect to our test endpoint, you may need to upgrade your operating system’s security components. Twilio’s helper libraries do not need to be upgraded, but you may need to make configuration changes in your application to force TLSv1.2 or update the underlying software dependencies used by the Twilio libraries.

Action: Follow our tips for identifying connection errors and upgrading your environment for compatibility: Tips for Upgrading Your Environment to Support Twilio REST API’s TLSv1.2 and Strong Cipher Suite Changes

3. VERIFY

Once you’ve made the necessary changes, verify your upgraded system can connect successfully to the same test endpoint on port 8443 from your production environment.

Our normal REST API endpoint already supports TLSv1.2 and the strong cipher suites, so you can immediately cut over your production traffic once the changes are verified in your environment.

Action: Verify your upgraded system’s compatibility using our recommended test procedures and code snippets: Monitoring Updates to the Twilio REST API Security Settings.

Additional Resources

If you need assistance beyond these resources, please contact our Support Team.

Have more questions? Submit a request
Powered by Zendesk