This offer is only addressed to commercial customers including freelancers and entrepreneurs. All prices are exclusive of value added tax (VAT).
  • Share via email
  • Subscribe to blog alert

Bosch IoT Rollouts updates TLS configuration

Dear Bosch IoT Rollouts Customer,

What & when?

The current setup for Bosch IoT Rollouts (EU1) supports TLS versions 1.0, 1.1, and 1.2. Our goal is to always offer an up-to-date and secure service. However, TLS version 1.0 and 1.1 have been considered insecure (cf. [1]).

From 01.07.2021 on, Bosch IoT Rollouts will no longer support TLS versions 1.0 and 1.1. The list of supported TLS cipher suites will remain unchanged.

For the transition phase, starting today, we offer test endpoints (see below). You can use them to ensure that your devices are compatible with the restricted set of TLS versions. These changes will affect our Management API and UI, as well as the Direct Device Integration (DDI) API.

Consequences?

We monitored the used TLS versions for client connections for some time: No connections with TLS version 1.0 and 1.1 were observed. Hence, migrations to the new TLS policy is expected to go without problems. However, if your devices do not support TLS 1.2, they will no longer be able to connect to Bosch IoT Rollouts after 01.07.2021.

As a customer having a Starter or Standard plan §15.3 Changes of the Service and the Terms and Conditions of the SaaS Terms and Conditions applies [2]: “[…] If Customer does not object within 30 days of receipt of the notification and continues to use the Service after expiry of the period for objection, then the changes shall be deemed to have been effectively agreed as from the expiry date of the time limit. In the event of an objection, the contractual relationship shall be continued subject to the conditions applying hitherto. If an objection is raised, Provider is entitled to terminate the contractual relationship subject to a one (1) month’ notice period.

How to test?

For the testing purposes, we offer endpoints having the future TLS policy. Please note, that this is only a temporary testing environment. As soon as we apply the TLS policy to the standard endpoints, the testing endpoints are shut down. You should therefore not connect any productive devices to these test endpoints. If you have any problems when testing, please let us know.

The test endpoints, serving the future TLS version and cipher suites are as follows:

Please note, that these endpoints are only for testing purposes and may be subject to change without prior notification. Also, we do not guarantee any SLA on these endpoints.

If you have any further questions, do not hesitate to contact us.

Yours sincerely
Bosch IoT Rollouts team

 

[1] https://tools.ietf.org/html/rfc7525#section-3.1.1

[2] https://developer.bosch-iot-suite.com/legal/terms-and-conditions/