MSLA API TLS Version Upgrade

Summary:

For MSLA Customers that receive MSLA data via an API, we need to inform you that we will be upgrading our API gateway from Transport Layer Security (TLS) version 1.0 to 1.2.

• Upgrading the TLS version improves the protection of web applications and the associated data.

• After this upgrade, TLS 1.0 and 1.1 would not be supported.

All customers who receive MSLA sample data via API must ensure their existing code will be capable of accepting the data from TLS 1.2 endpoints.

This change is scheduled to take place on January 17, 2022. Customers risk integration failures if the appropriate updates are not made before this change is applied.

If you need help on this matter, either before or after this change, please contact your normal Mobil Serv help desk, Distributor contact, or other ExxonMobil representative.

Who could be impacted by this change?

This change applies to customers/users that receive data via API.

• Note: The generation of the report is not impacted.  Only those receiving the sample data by API need to confirm they can accept API TLS version 1.2.

There are several ways that MSLA customers can receive or export their sample result data. Two of these methods utilize an API:

1. Sample Data Subscription communication via API Hook option.

   • Go to the User profile to see the sample data subscriptions

   • Click the data subscription

   • If the subscription has “API Hook” option selected à check if your system can accept data from an API with 1.2.

   • If API Hook is NOT selected, no further action is needed.
     
     More information can be found here: Sample Data Subscriptions
     

     

2. Using the Sample Data Restful API directly to call and return the data.

• More info at: https://help.msla.ucld.us/docs/RESTful-API-Documentation.572948494.html

How to determine your current TLS version:

If you are using Postman, you can check the connection properties by clicking the “globe with a lock” icon after making a successful request, and one of the pieces of information shown will be the TLS version:

Errors you might receive if you are not on the right TLS version:

1. If your server doesn’t support TLS 1.2 (or higher version), or if it is disabled in Postman, you won’t have the globe icon mentioned above, and this message will display:

2. “The request was aborted: Could not create SSL/TLS secure channel” suggests that your app is written using the .NET Framework. By default, the framework does not have the latest ciphers enabled for one reason or the other. Before executing the web request, they will want to ensure that the correct ciphers are enabled/disabled in the ServicePointManager, by using the following statements:

ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Tls11 & ~SecurityProtocolType.Tls & ~SecurityProtocolType.Ssl3;

If SecurityProtocolType.Tls12 is not available in the SecurityProtocolType Enum, then you will need to update their version of the .NET Framework.

FAQs:

What is an API?

• An API is a method for transmitting data between systems.

What is TLS?

• TLS is a widely adopted security protocol designed to facilitate privacy and data security for communication between web applications and servers. The three main components to what the TLS protocol accomplishes are encryption, authentication, and integrity. TLS encryption can help protect web applications from data breaches and other attacks.

If I only use the MSLA sample report, either as a pdf or the online version, am I impacted?

• No. The generation of the report is not impacted.  Only those receiving the sample data by API need to confirm they can accept API TLS version 1.2.