cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you interested in hearing how one of our Community members uses Dropbox for sailing trips? Read all about it here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Reminder: The Dropbox API will no longer accept TLS 1.0 or 1.1

Reminder: The Dropbox API will no longer accept TLS 1.0 or 1.1

Greg-DB
Dropbox Staff

Beginning on or after April 13, the Dropbox API will require that calls use TLS 1.2 or greater. Traffic using TLS 1.0 or 1.1 will be rejected.

 

The latest Dropbox SDKs will select TLS 1.2 when available in the environment, but versions over two years old may require an update. In particular, users of the Dropbox Java SDK should update to v3.1.1 (released June, 2019) or later & Dropbox Python SDK should update to v8.4.1 (released November, 2017) or later.

 

TLS 1.2 has been the default on major mobile & desktop operating systems since 2014. Developers whose application may be run in older or unusual environments should investigate to ensure compatibility.

 

Please ensure your apps use TLS 1.2 when connecting to the Dropbox API.

22 Replies 22

Mark R.5
Helpful | Level 5

Hi Greg. It would be good to clarify the exact versions involved here for various SDKs. Just to recap what the original email sent out in Aug 2021 said:

 

1) SDKs over two years old may need updating (so I presume from Aug 2019 and earlier).

2) The Java and Python SDKs have specific versions that need updating to

 

Based on that I had no concerns since I was not using an SDK that old, and was not using either of the SDKs mentioned. So I am a little surprised to see you mention that the Obj-C SDK may need updating to late 2020, since this is obviously later than 2019, and the SDK was not mentioned in the original email. Could you please clarify what is the exact minimum version number of the SDK required to update to for the following versions of the SDK:

 

1) Objective-C

2) .NET

 

Many thanks.

Greg-DB
Dropbox Staff

@Mark R.5 Thanks for the feedback. To clarify, I was not indicating that one would be required to update to an Objective-C SDK from late 2020. Rather, I was responding to Robert's specific question and confirming that such as version should be sufficient. I don't have specific versions of the Objective-C and .NET SDK to note. The system should automatically use the latest available version. The Java and Python SDKs were only called out in particular since those were more recent and contained code that would affect the version used. If you need help confirming anything for your app(s) in particular, please open an API ticket.

Mark R.5
Helpful | Level 5

Ah, I see. I read the date 11/3/2020 as being in March (being based in the UK), so assumed you were suggesting that he update to a later SDK. I see now that he meant (or at least you thought he meant) that it was an SDK from November, which you were confirming should be fine. All good.

 

Robert S.138
Helpful | Level 7

Even without a specific test for use of the deprecated protocols, there is one thing Dropbox could do to help us know if we have a problem with our latest version.  In the e-mail that goes out to developers telling them that they detected "some activity" with the deprecated protocols, why not include something more quantitative?  Tell us, for instance, the percentage of deprecated uses.  If our current versions are indeed faulty, then 100% of the accesses will involve the deprecated protocols.  But if only 7% of the accesses are problematic, then we can rest easy knowing that the 7% must represent users who have not updated their apps.  Dropbox has the data, right?

 

Greg-DB
Dropbox Staff

@Robert S.138 Thanks for the feedback/idea! I can't make any promises myself, but feel free to open an API ticket if you'd like to request specific help/information.

Eric Z.6
Explorer | Level 3

We are currently updating our apps to comply this change. But development, testing and user update will take much more time. We ask Dropbox to extent the deadline.

 

Thanks for the consideration.

enpapi
New member | Level 2

We are using libcurl and are sure it will fall back to the appropriate protocol as reported by the Dropbox API server. However, the final results depend upon the configuration of the server too.

Is there a way to test or simulate the API server changes before 13th? 

Greg-DB
Dropbox Staff

@Eric Z.6 Thanks, I’ve sent your feedback along to the team.

Greg-DB
Dropbox Staff

@enpapi The Dropbox API servers currently support TLS 1.2 and will continue to do so after support for TLS 1.0 and 1.1 is disabled. Dropbox doesn't offer a way to simulate the new server configuration, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though.

MarioEM
Helpful | Level 6

Dear Greg,

My Android application has been upgraded last year to use Dropbox-Core-SDK 4.0.0 dated 30.3.2021. I am also using okhttp-3.11.0 from August last year.

I am very concerned that my Android app may not be fully compatible with the TLS 1.2 protocol, required from April 13.

How can I check to ensure my Android application is fully compatible with Dropbox TLS 1.2 requirements ?

Please advise.

Kind regards

Mariusz

 

Need more support?