Security Update for API integrations on Legacy Hardware
Security is paramount to our team, and we strive to work ahead of security best practices to keep your account data secure. One such best practice is restricting the ability to communicate with or authenticate our system’s communication using older SSL ciphers or certificate encryption methods.
Effective Dec. 10, 2015, we will cease providing an intermediate Verisign certificate which is encrypted using SHA-1. This certificate is currently provided to allow systems with older CA cert stores to validate Sailthru’s primary SSL certificate. This primarily affects API integrations where the system communicating with Sailthru’s API is significantly (multiple years) outdated.
This effort is in line with industry consensus to move away from SHA-1 entirely, including announcements by Google and Microsoft. For the overwhelming majority of our customers, this change will not affect your integration at all.
If you’re a marketer, your most important action is keeping your system and browser up-to-date with the latest security patches and releases. Any operating system updated in the last twelve months is ready to go and you’ll continue to have uninterrupted access to my.sailthru.com. If you have questions, you should reach out to your IT department to make sure your system is up-to-date.
Developers using our API should ensure the hardware accessing our API is updated to use the most current SSL/TLS encryption methods and up to date CA cert stores. Starting Dec. 10, 2015, SHA-1 encrypted intermediate certs will no longer be provided by Sailthru’s services.
Note that our staff is unable to advise on specific integrations, including the determination of what certificate is being used by a given machine. Customers are advised to work internally with IT and development departments to address this important security fix. If you have additional questions, please contact firstname.lastname@example.org.