Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
Beginning on or after April 13, the Dropbox API will require that calls use TLS 1.2 or greater. Traffic using TLS 1.0 or 1.1 will be rejected.
The latest Dropbox SDKs will select TLS 1.2 when available in the environment, but versions over two years old may require an update. In particular, users of the Dropbox Java SDK should update to v3.1.1 (released June, 2019) or later & Dropbox Python SDK should update to v8.4.1 (released November, 2017) or later.
TLS 1.2 has been the default on major mobile & desktop operating systems since 2014. Developers whose application may be run in older or unusual environments should investigate to ensure compatibility.
Please ensure your apps use TLS 1.2 when connecting to the Dropbox API.
Hi Greg. It would be good to clarify the exact versions involved here for various SDKs. Just to recap what the original email sent out in Aug 2021 said:
1) SDKs over two years old may need updating (so I presume from Aug 2019 and earlier).
2) The Java and Python SDKs have specific versions that need updating to
Based on that I had no concerns since I was not using an SDK that old, and was not using either of the SDKs mentioned. So I am a little surprised to see you mention that the Obj-C SDK may need updating to late 2020, since this is obviously later than 2019, and the SDK was not mentioned in the original email. Could you please clarify what is the exact minimum version number of the SDK required to update to for the following versions of the SDK:
1) Objective-C
2) .NET
Many thanks.
@Mark R.5 Thanks for the feedback. To clarify, I was not indicating that one would be required to update to an Objective-C SDK from late 2020. Rather, I was responding to Robert's specific question and confirming that such as version should be sufficient. I don't have specific versions of the Objective-C and .NET SDK to note. The system should automatically use the latest available version. The Java and Python SDKs were only called out in particular since those were more recent and contained code that would affect the version used. If you need help confirming anything for your app(s) in particular, please open an API ticket.
Ah, I see. I read the date 11/3/2020 as being in March (being based in the UK), so assumed you were suggesting that he update to a later SDK. I see now that he meant (or at least you thought he meant) that it was an SDK from November, which you were confirming should be fine. All good.
Even without a specific test for use of the deprecated protocols, there is one thing Dropbox could do to help us know if we have a problem with our latest version. In the e-mail that goes out to developers telling them that they detected "some activity" with the deprecated protocols, why not include something more quantitative? Tell us, for instance, the percentage of deprecated uses. If our current versions are indeed faulty, then 100% of the accesses will involve the deprecated protocols. But if only 7% of the accesses are problematic, then we can rest easy knowing that the 7% must represent users who have not updated their apps. Dropbox has the data, right?
@Robert S.138 Thanks for the feedback/idea! I can't make any promises myself, but feel free to open an API ticket if you'd like to request specific help/information.
We are currently updating our apps to comply this change. But development, testing and user update will take much more time. We ask Dropbox to extent the deadline.
Thanks for the consideration.
We are using libcurl and are sure it will fall back to the appropriate protocol as reported by the Dropbox API server. However, the final results depend upon the configuration of the server too.
Is there a way to test or simulate the API server changes before 13th?
@Eric Z.6 Thanks, I’ve sent your feedback along to the team.
@enpapi The Dropbox API servers currently support TLS 1.2 and will continue to do so after support for TLS 1.0 and 1.1 is disabled. Dropbox doesn't offer a way to simulate the new server configuration, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though.
Dear Greg,
My Android application has been upgraded last year to use Dropbox-Core-SDK 4.0.0 dated 30.3.2021. I am also using okhttp-3.11.0 from August last year.
I am very concerned that my Android app may not be fully compatible with the TLS 1.2 protocol, required from April 13.
How can I check to ensure my Android application is fully compatible with Dropbox TLS 1.2 requirements ?
Please advise.
Kind regards
Mariusz
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!