NetSuite Will No Longer Support TLS 1.0 or 1.1 as of April 21, 2018

TLS is Transport Layer Security and is an industry standard designed to protect the privacy of information communicated over the Internet. Analysis by the Payment Card Industry Security Standards Council (PCI SSC) has stated that TLS versions earlier than 1.2 include serious vulnerabilities that put organizations at risk of being breached. This is why NetSuite is deprecating support of earlier versions.

How Does This Affect NetSuite?

To improve the security of integrations, it is recommended that clients ensure all inbound and outbound connections to NetSuite use TLS 1.2 as soon as possible. So all connections to the NetSuite user interface, SuiteTalk (web services) integrations, or NetSuite-hosted SuiteCommerce secure (https://) shopping and checkout domains should be using TLS 1.2.

Those who continue to use TLS 1.0 or 1.1 after April 21, 2018 will not have secure communications with NetSuite. As a result, any communications to NetSuite will not be possible. For example, web service calls not using TLS 1.2 will fail.

The following are types of connections that can be affected:

• Browsers – If a client is using an older browser that does not support TLS 1.2, they will get an error when attempting to access NetSuite’s UI, meaning they won’t be able to log in. This affects both regular users of NetSuite and customers accessing NetSuite webstores.
  • The following browsers natively support TLS 1.2:
    • Internet Explorer versions 11 and above
    • Mozilla Firefox versions 27 and above
    • Google Chrome versions 30 and above
    • Safari versions 7 and above
  • The following links contain more specific lists of browsers, including Android OS for those using a mobile app: https://netsuite.custhelp.com/app/answers/detail/a_id/10050 and https://www.ssllabs.com/ssltest/clients.html
• Integrations – If your business upgrades its software and integrations regularly, SuiteTalk (web services) integrations should not be affected by the end of support for early versions of TLS. Integrations will be affected by this change if the company uses integration clients that are now considered outdated, and do not support TLS 1.2, such as integrations built on JDK 1.6 or .Net 4.0. In particular, anyone who uses integration tools such as Celigo, Jitterbit, Informatica, etc. that connect to NetSuite, these integration tools must support TLS 1.2.
• SuiteScripts – Any scripts that use NetSuite’s API for making requests outbound have to be connecting to servers that support TLS 1.2 (nlapiRequestURL and https module in SS 2.0). For example, Homage connects to People Counter via SuiteScript. People Counter must support TLS 1.2. Another example is Forma connecting to Coupa via SuiteScript. Coupa must support TLS 1.2. The same is true with PunchOut2Go.
• SuiteCloud IDE – Anyone using IDE to write and run scripts, and if they are and their client is running on Java Runtime Environment (JRE) version 1.7, there is an update they’ll need to make.
• SuiteAnalytics – SuiteAnalytics drivers must be upgraded to the most recent versions. The older versions do not support TLS 1.2. NetSuite connections that use the SuiteAnalytics driver must support certificate-based server authentication. I understand this requirement was made in January 2017 so if it affected clients, it should have already been addressed.
• NetSuite WMS – Clients must confirm that their RF mobile devices and NSWMS Print Driver Application version support TLS 1.2.

What Can NetSuite Users Do?

• Verify their browsers meet the supported versions.
• Verify any integration tools support TLS 1.2. As long as client’s are using recent versions, this shouldn’t be an issue but should be checked.
• Verify any outbound connections made via SuiteScript supports TLS 1.2. As mentioned above, Homage/People Counter, Forma/Coupa, Magenta/PunchOut2Go are a few examples.
• If your business typically runs integrations at night or over the weekend, plan to run them during the testing window on April 4th. This will help test for any TLS issues before support is dropped on the 21st.

For more information and how to test the TLS connections, visit this SuiteAnswer: https://netsuite.custhelp.com/app/answers/detail/a_id/49076