Published: March 8, 2024

Summary

In order to align with industry security and data integrity best practices, and due to known vulnerabilities found in TLS versions <1.2, Liferay has decided to deprecate TLS 1.0 and 1.1.

Details

In order to address the following 3 main concerns, Liferay PaaS will only support TLS 1.2 or later for all connections.

• Security Vulnerabilities
  • TLS 1.0 and 1.1 contain several security flaws that, if exploited, render data transmitted over the network vulnerable to attackers.
• Interoperability
  • Many industry leading software companies have set TLS 1.2 as the minimum requirement to connect to their servers, endpoints, and applications.
• Credibility
  
  • Leveraging outdated security protocols undermines the credibility of our business and yours. End users will begin to lose trust in the security of sites that are not updated to TLS 1.2 or above.

Resolution

No action is needed on your end to complete this deprecation and migration process to TLS 1.2. Environments running TLS 1.0 and 1.1 will be updated to TLS 1.2 by Liferay starting on the date below. Please be sure that any integrated software you have in place is compatible with TLS 1.2 before the migration. If you need to delay the migration, please submit a ticket to Liferay Support.

Timeline

• March 26, 2024
  • TLS 1.0 and 1.1 will no longer be supported

Additional Information

If you encounter any issues or have questions about these changes, please submit a ticket and Liferay Support will be happy to assist.