Executive Summary
Starting with Uniface Service Pack 10.4.04, scheduled for release in mid 2026, support for TLS 1.0 and TLS 1.1 will be removed across all network protocols, including TLS driver, POPMAIL, LDAP, and UHTTP. TLS 1.2 will become the minimum supported version, and TLS 1.3 is strongly recommended for optimal security and performance.
In addition, weak cipher suites will be removed, ensuring that only strong, modern encryption algorithms are used. This change delivers better security, faster performance, compliance readiness, and future-proof integrations.
Why This Change Benefits You
Future-Proof Your Applications
- Libraries like libcurl and OpenSSL are dropping TLS 1.0 and 1.1. In fact, cURL has announced that mid-next year, it will completely remove the ability to enable these protocols.
- By upgrading now, you avoid last-minute disruptions and ensure your applications remain compatible with modern systems.
Stronger Security for Your Business
- Older TLS versions and weak cipher suites expose you to risks such as:
- BEAST and POODLE attacks.
- Downgrade attacks that force weaker encryption.
- Exploits targeting outdated ciphers like RC4, DES, and weak CBC modes.
- Removing these protocols and ciphers means:
- No more insecure algorithms.
- Protection against known vulnerabilities.
- Confidence that your data is encrypted with industry-approved methods.
Compliance Made Simple
- Industry standards require strong encryption:
- PCI DSS v4.0
Requires strong cryptography and explicitly prohibits SSL, TLS 1.0, and TLS 1.1.
PCI SSC FAQ – Does PCI DSS define which TLS versions must be used? - NIST SP 800‑52 Rev. 2
Mandates TLS 1.2 with FIPS-approved cipher suites and requires TLS 1.3 support by January 1, 2024.
NIST SP 800‑52 Rev. 2 – Guidelines for TLS - ISO/IEC 27001:2022
Requires robust cryptographic controls and avoidance of weak algorithms through risk-based assessment.
ISO/IEC 27001 Annex A – Use of Cryptography
- PCI DSS v4.0
- SSL and TLS versions prior to 1.2 are not considered strong cryptography.
- Upgrading now means you stay compliant without scrambling later.
Better Performance
- TLS 1.3 offers:
-
Faster handshakes – less latency for your users.
-
Modern cipher suites – optimized for speed and security.
-
Forward secrecy – even if keys are compromised, past sessions remain safe.
-
- Impact on Uniface Network Protocols
-
TLS Driver: All encrypted connections will require TLS 1.2 or higher.
-
POPMAIL: Secure email retrieval will only support TLS 1.2 or higher.
-
LDAP: Directory services will enforce TLS 1.2 or higher.
-
UHTTP: HTTP-based communication will require TLS 1.2 or higher.
-
Cipher Suites: Weak ciphers (e.g., RC4, DES, 3DES, export-grade ciphers) will be removed.
-
Customer Impact Statement
If your environment still relies on TLS 1.0, 1.1, or weak cipher suites, these connections will fail after upgrading to Uniface 10.4.04. This may affect integrations with legacy mail servers, LDAP directories, or HTTP endpoints that do not support TLS 1.2 or strong ciphers. To avoid service disruption, ensure all connected systems are configured for TLS 1.2 or TLS 1.3 with modern cipher suites before applying the update.
Migration Guidance
- Check Your Environment
- Verify that all servers and clients support TLS 1.2 or TLS 1.3 and strong ciphers.
- Use tools like openssl s_client or curl --tlsv1.2 to test connectivity.
- Update Configurations
-
Remove references to TLS 1.0, 1.1, and weak ciphers in Uniface configuration files.
-
Ensure your SSL/TLS settings specify TLS 1.2 or higher with strong cipher suites.
-
-
Test Before Upgrade
-
Validate all integrations (mail, LDAP, HTTP) in a staging environment.
-
FAQ
Q: What if my server doesn’t support TLS 1.2 or strong ciphers?
A: You must upgrade or replace the server. TLS 1.0/1.1 and weak ciphers are no longer secure and widely unsupported.
Q: Does this affect performance?
A: Yes—TLS 1.3 improves performance compared to older versions.
Q: How do I test connectivity?
A: Use curl --tlsv1.2 https://yourserver or openssl s_client -connect yourserver:443 -tls1_2.
Resources
