geoPlugin support for TLS 1.2?

61 views
Skip to first unread message

P Morais

unread,
Nov 18, 2018, 5:54:53 AM11/18/18
to geoPlugin
Hi geoPlugin Team,

Are there any plans to upgrade gP's SSL service to TLS 1.2?
At the moment, gP only supports TLS 1.0, which is now considered obsolete and insecure. Recently, some of our customers have informed us that their network security policy will now block any services still using TLS 1.0.

This means our gP integration on our platforms has stopped working for these customers and they're not able to access critical functionality.
Is there an upgrade in the near future?


Thanks,
Pedro
 

geoPlugin Support

unread,
Nov 18, 2018, 8:48:13 AM11/18/18
to geop...@googlegroups.com
Hi Pedro,
We have been aware of this for some time but our aging load balancer
didn't support tls1.2
As all browser support 1.0, we have been procrastinating on updating the
load balancer (given the traffic we handle, getting it up and running
with minimum downtime was never going to be easy!)

As it's likely more and more networks will push forward with tls v1.2,
(although why they would actively block 1.0 is strange - it is obsolete
but not insecure per se), as well as other requests on the support
email, we have pushed forward with a new load balancer.

We were able to switch over with no downtime by having both running on
different IPs and switch over to the new one via a DNS switch. That way,
we could iron out any errors as traffic started moving over slowly to
the new LB.
The new LB is now up to ~2.8k requests a second, with the old one
handling ~1k/s at time of writing (the graphs on geoplugin.com are now
using the new LB, hence the dip) and all issues have been squashed.

Once DNS has been fully propagated (max 24h), you should be able ok.

We flushed the ssl.geoplugin.net A entry in Google DNS (ssllabs uses
google DNS apparently) and that's now resolving correctly. If your
server uses Google DNS (8.8.8.8), you should also be fine.

https://www.ssllabs.com/ssltest/analyze.html?d=ssl.geoplugin.net

We get a shiny "A" badge, which is good enough for us!


Kind regards,
Andy
> --
> You received this message because you are subscribed to the Google
> Groups "geoPlugin" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to geoplugin+...@googlegroups.com.
> To post to this group, send email to geop...@googlegroups.com.
> Visit this group at https://groups.google.com/group/geoplugin.
> For more options, visit https://groups.google.com/d/optout.

pedro....@bloomsbury.com

unread,
Nov 19, 2018, 5:30:32 AM11/19/18
to geoPlugin
Hi Andy,

Thanks very much for the quick response. Glad to see that shiny "A" badge.
Our customers are mostly academic institutions (colleges, universities, etc.), which is probably why they're more security conscious about these things.

Anyway, I've just checked with one of them and it seems to be working fine, so we'll let the rest know.

Cheers!

Pedro


Reply all
Reply to author
Forward
0 new messages