As you will no doubt be aware, security on the internet is an ever-evolving activity, and as such TLS1.0 and TLS1.1 is actively being retired from many services. This is due to known vulnerabilities that directly impact the integrity and security of communications, and these vulnerabilities are unable to be fixed in this older version of TLS.
MYOB is dedicated to ensuring the security of our client's data and in 2017 our API infrastructure was upgraded to support TLS1.1 and TLS1.2 while allowing TLS1.0 connections as a fallback. Now is the time for us to remove this fallback, so as of 26th March 2020 the MYOB API will no longer accept connections using TLS1.0 and TLS1.1, which also aligns with the removal of TLS1.0 and TLS1.1 from major browsers.
What will happen?
If you are using TLS1.0 or TLS1.1 and you choose to do nothing, your calls to our API will be blocked and will fail. These calls will be considered insecure and will be blocked at the gateway.
What do I need to do?
You need to upgrade your infrastructure to ensure your API calls are using TLS1.2 or greater, you will no longer be able to use TLS1.0 and TLS1.1. You will need to look at the impact of this and the changes may be required for your calls to the MYOB API.
If your servers already support TLS1.2 or greater, there is nothing else to change.
I use the .NET SDK what do I need to do?
Technically, nothing provided the underlying .NET framework you are using is setup to use TLS1.2 you are fine. The SDK will rely on your framework. However, it's as good a time as any to suggest making sure you are up-to-date with the SDK - download it here.