2016 Breaking change (www.iformbuilder.com accounts)

Follow

Comments

15 comments

  • Avatar
    Joe Vetoe

    This affects only those accounts on iformbuilder.com

    However, if you have a dedicated database and you're interested in having greater security on the server side, we can move you into an environment that supports TLS 1.2. If you want to test it out, you can sign up for a free iFormBuilder account and test it by using the tls12.iformbuilder.com URL.

    0
    Comment actions Permalink
  • Avatar
    dan

    What is TLS 1.2.? I am just getting started with iformbuilder.com I have Android Turbo 2 phone.

    0
    Comment actions Permalink
  • Avatar
    Toby

    I am late to the conversation but was not aware of this change until the email reminder this week. I have notified support of my concerns via chat, but I thought it would be a good idea to put a post up here for everyone else to see.

    From my research this change will render EVERY android phone running stock android software less than Lollipop useless with the iformbuilder platform. That's huge. Only 25% of android devices have been updated to lollipop. None of our field devices will be usable – they all run KitKat or lower. Telling us to simply update our OS is a bit ridiculous, as updates come from manufacturers when they come. Most android devices in the world don't have available lollipop updates, and they likely never will. Generally only flagship devices get these sorts of updates, not the sorts of mid-range devices that are affordable for field work.

    Someone high up needs to at least realise this. Even better they should alleviate concerns of your paying customers as to other options besides forking out a bunch more money to get private databases. I should state that I appreciate this is a necessary change, but there are solutions to get TLSv1.2 working on older devices – I am not sure if these links are helpful as they are based on SSLEngine (does iform use this?) - http://stackoverflow.com/questions/24357863/making-sslengine-use-tlsv1-2-on-android-4-4-2
    http://www.jordanrejaud.com/android/2015/09/19/android-tls-ssl-engine.html

    0
    Comment actions Permalink
  • Avatar
    Tony Ruth

    Hi Toby, Android OS 4.4.2 should have a strong enough encryption library to connect over TLS 1.2 Have you tried testing your hardware against the tls12.iformbuilder.com server to see if you can login to your account?

    0
    Comment actions Permalink
  • Avatar
    Mauricio

    Tony, I have Android 4.4.2 too on Samsung Galaxy Tab 3. I trield tls12.iformbuilder.com and couldn't connect. (I got the message "No peer certificate").

    0
    Comment actions Permalink
  • Avatar
    Tony Ruth

    Hi Mauricio, thanks for reaching out and yes it does seem not every device running 4.4.2 has strong enough encryption libraries to communicate over TLS12 so you would need to follow the suggestions above to upgrade the OS, acquire new hardware, or move to a Growing plan.

    All the best,
    Tony

    0
    Comment actions Permalink
  • Avatar
    Tony Ruth

    The upgrade is complete and all traffic will be forced to go over TLS1.2

    0
    Comment actions Permalink
  • Avatar
    Toby

    Hi Tony. When last we spoke I was given the impression that you would be running a legacy server for all users who found themselves with hardware unable to connect with the new encryption level. Has that changed now?

    0
    Comment actions Permalink
  • Avatar
    Joe Vetoe

    Hey, all. Please note that with this security upgrade, accounts on iformbuilder.com will no longer be able to integrate with Klipfolio.

    0
    Comment actions Permalink
  • Avatar
    Mauricio

    Please take a look at the links that Toby sent on Nov,19th.
    It seems that if that small piece of code would be included in iForm, then Android 4.1 and upper versions would work well with the news changes.

    0
    Comment actions Permalink
  • Avatar
    Toby

    I am a little disappointed in the communication of this change. None of our KitKat devices work (4.4.4) and as indicated above even SAMSUNG devices running 4.4.2 can't connect. I was told we would have some time to sort out a solution, but we are now only given 60 days to purchase new devices.

    If you look at it from a cost perspective, we paid $1000 to subscribe to the Starter plan (no dedicated database) for one year. Half way through that year we are told that we wont be able to access the system with our current hardware (6 months old), and that our options are to spend another $5000 to access a Growing plan (dedicated database) or to purchase new devices ($500 per device, we have 5). Once again I will state that telling people to upgrade their OS on their Android devices is quite frankly insulting - we don't get to choose when updates are available and if this was an option we would have already done it...

    Not only does this put us in an awkward position where we need to decide if spending at least $2500 to continue using the service is worth it to us. We can also now not help but question what the long term accessibility of the system is - what is to stop something similar occurring in another 6-12 months?

    0
    Comment actions Permalink
  • Avatar
    Tony Ruth

    Hi Toby, I appreciate your feedback and understand your position. We do try to avoid breaking changes and honestly this degree of change is not common. This is not to say new standards won't emerge over the coming years that need to be adopted and may result in a similar outcome for older hardware / software configurations.

    This change is not done to harm anyone and I do apologize for the disruption this has caused. If you have any further questions, please don't hesitate to contact us.

    0
    Comment actions Permalink
  • Avatar
    Joe Vetoe

    Hi, all

    Due to the amount difficulties some of you have been experiencing with the new security upgrades, our engineers have developed a long term, albeit less secure, solution to alleviate the troubles you’re experiencing.

    For those receiving the peer certificate error and do not wish to upgrade the device or your iFormBuilder plan, you can now point your devices to tls10.iformbuilder.com and upload without any issue.

    We can’t stress enough that this should be used as a last resort solution for you and your team as the security upgrades we made are important to maintaining the high-security standards we’ve always abided by here at iFormBuilder.

    Please let us know if you have further questions.

    0
    Comment actions Permalink
  • Avatar
    Toby

    Hi Joe / Tony
    That is great news, thank you for listening to our concerns! Can I ask how long term this solution is? I am trying to convince management to replace our devices but it may take some time.

    0
    Comment actions Permalink
  • Avatar
    Mark Hohn
    BlueStacks gets peer certificate error now.
    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk