Effective January 4th 2016 www.iformbuilder.com will only support TLS 1.2.
*If you connect to companyname.iformbuilder.com, you may disregard this message.
This upgrade is required to keep current with best practices around securing web applications and will impact older Android and iOS devices which can't upgrade to the latest software and receive new security patches.
PLEASE NOTE: The testing period has ended. tls12.iformbuilder.com is no longer a valid URL. Please switch your devices back to iformbuilder.com
If your device is not supported, you may see an error that says "No peer certificate". Please try to upgrade the OS on your device and also iForm and try again.
*This includes any integration scripts that also connect to the server to read or write data.
If you have a large number of devices that aren't supported, please contact us to discuss upgrading to a Growing plan so the account can be migrated to a different environment.
Should you have any questions or concerns regarding the change, please post any problems or solutions you have in the comments below and we will update the article with FAQ.
UPDATE
Due to the amount difficulties some of you have been experiencing with the new security upgrades, our engineers have developed a long term, albeit less secure, solution to alleviate the troubles you’re experiencing.
For those receiving the peer certificate error and do not wish to upgrade the device or your iFormBuilder plan, you can now point your devices to tls10.iformbuilder.com and upload without any issue.
We can’t stress enough that this should be used as a last resort solution for you and your team as the security upgrades we made are important to maintaining the high-security standards we’ve always abided by here at iFormBuilder.
Thanks,
Tony
Comments
15 comments
This affects only those accounts on iformbuilder.com
However, if you have a dedicated database and you're interested in having greater security on the server side, we can move you into an environment that supports TLS 1.2. If you want to test it out, you can sign up for a free iFormBuilder account and test it by using the tls12.iformbuilder.com URL.
What is TLS 1.2.? I am just getting started with iformbuilder.com I have Android Turbo 2 phone.
I am late to the conversation but was not aware of this change until the email reminder this week. I have notified support of my concerns via chat, but I thought it would be a good idea to put a post up here for everyone else to see.
From my research this change will render EVERY android phone running stock android software less than Lollipop useless with the iformbuilder platform. That's huge. Only 25% of android devices have been updated to lollipop. None of our field devices will be usable – they all run KitKat or lower. Telling us to simply update our OS is a bit ridiculous, as updates come from manufacturers when they come. Most android devices in the world don't have available lollipop updates, and they likely never will. Generally only flagship devices get these sorts of updates, not the sorts of mid-range devices that are affordable for field work.
Someone high up needs to at least realise this. Even better they should alleviate concerns of your paying customers as to other options besides forking out a bunch more money to get private databases. I should state that I appreciate this is a necessary change, but there are solutions to get TLSv1.2 working on older devices – I am not sure if these links are helpful as they are based on SSLEngine (does iform use this?) - http://stackoverflow.com/questions/24357863/making-sslengine-use-tlsv1-2-on-android-4-4-2
http://www.jordanrejaud.com/android/2015/09/19/android-tls-ssl-engine.html
Hi Toby, Android OS 4.4.2 should have a strong enough encryption library to connect over TLS 1.2 Have you tried testing your hardware against the tls12.iformbuilder.com server to see if you can login to your account?
Tony, I have Android 4.4.2 too on Samsung Galaxy Tab 3. I trield tls12.iformbuilder.com and couldn't connect. (I got the message "No peer certificate").
Hi Mauricio, thanks for reaching out and yes it does seem not every device running 4.4.2 has strong enough encryption libraries to communicate over TLS12 so you would need to follow the suggestions above to upgrade the OS, acquire new hardware, or move to a Growing plan.
All the best,
Tony
The upgrade is complete and all traffic will be forced to go over TLS1.2
Hi Tony. When last we spoke I was given the impression that you would be running a legacy server for all users who found themselves with hardware unable to connect with the new encryption level. Has that changed now?
Hey, all. Please note that with this security upgrade, accounts on iformbuilder.com will no longer be able to integrate with Klipfolio.
Please take a look at the links that Toby sent on Nov,19th.
It seems that if that small piece of code would be included in iForm, then Android 4.1 and upper versions would work well with the news changes.
I am a little disappointed in the communication of this change. None of our KitKat devices work (4.4.4) and as indicated above even SAMSUNG devices running 4.4.2 can't connect. I was told we would have some time to sort out a solution, but we are now only given 60 days to purchase new devices.
If you look at it from a cost perspective, we paid $1000 to subscribe to the Starter plan (no dedicated database) for one year. Half way through that year we are told that we wont be able to access the system with our current hardware (6 months old), and that our options are to spend another $5000 to access a Growing plan (dedicated database) or to purchase new devices ($500 per device, we have 5). Once again I will state that telling people to upgrade their OS on their Android devices is quite frankly insulting - we don't get to choose when updates are available and if this was an option we would have already done it...
Not only does this put us in an awkward position where we need to decide if spending at least $2500 to continue using the service is worth it to us. We can also now not help but question what the long term accessibility of the system is - what is to stop something similar occurring in another 6-12 months?
Hi Toby, I appreciate your feedback and understand your position. We do try to avoid breaking changes and honestly this degree of change is not common. This is not to say new standards won't emerge over the coming years that need to be adopted and may result in a similar outcome for older hardware / software configurations.
This change is not done to harm anyone and I do apologize for the disruption this has caused. If you have any further questions, please don't hesitate to contact us.
Hi, all
Due to the amount difficulties some of you have been experiencing with the new security upgrades, our engineers have developed a long term, albeit less secure, solution to alleviate the troubles you’re experiencing.
For those receiving the peer certificate error and do not wish to upgrade the device or your iFormBuilder plan, you can now point your devices to tls10.iformbuilder.com and upload without any issue.
We can’t stress enough that this should be used as a last resort solution for you and your team as the security upgrades we made are important to maintaining the high-security standards we’ve always abided by here at iFormBuilder.
Please let us know if you have further questions.
Hi Joe / Tony
That is great news, thank you for listening to our concerns! Can I ask how long term this solution is? I am trying to convince management to replace our devices but it may take some time.
Please sign in to leave a comment.