HMRC Ending Support for TLS versions 1.0 and 1.1

Question:

We use your system to submit VAT returns to HMRC using Making Tax Digital.

Does this TLS stuff mean anything to you? The only reference I can see to it in the code is setting a TLS Boolean to true, which doesn’t specify a version?

(This is a portion of the notice from HMRC)

“Your application should now have been configured to TLS version 1.2 or higher. If you haven’t yet implemented the change, we will be enforcing the TLS 1.2 protocol in the Developer Sandbox before enforcing this change in our Production environment.”

Answer:

If you are using a version of Chilkat released in the last ~3 years, there is nothing you need to do. In general, applications are not “configured” to use a particular version of TLS. Making a statement such as this reveals a lack of understanding of the TLS protocol.

This is how the TLS protocol works. The client (such as Chilkat or a web browser) makes a TCP connection to the server and sends a “ClientHello” message. The ClientHello message, among other things, tells the server what versions of TLS the client supports. Chilkat will say “Hello Mr. Server, I can do TLS 1.0, 1.1, or 1.2”. The server then replies with a ServerHello, which says “OK, let’s use TLS 1.2”. And so TLS 1.2 is used.

It is the *server* that makes the TLS version choice, not the client.

Let’s say you hard-code TLS 1.2 into your client application so that you send a ClientHello message that says “Hello Mr. Server, I can only do TLS 1.2”. The server replies, “Fine, we’ll use TLS 1.2”. But perhaps a few years later the server no longer supports TLS 1.2 and now requires TLS 1.X. Your application will need to be updated.

It’s better to stay current with the software that is doing the TLS. A few years from now, the Chilkat ClientHello message will say “Hello Mr. Server, I can do TLS 1.0, 1.1, 1.2, … 1.X”, and the server will choose what it wants. As long as you stay current (i.e. don’t let too many years go by without updating Chilkat, or whatever software does your TLS), things continue running smoothly.
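
To see the negotiation described above on your own machine, the following added example (not Chilkat code; it uses Python's standard `ssl` module, and the function names and the `example.invalid` host are assumptions made for illustration) captures the ClientHello a client would send, lists the TLS versions it offers, and applies a server policy of "TLS 1.2 or higher" as in the HMRC notice.

```python
import ssl
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def capture_client_hello(ctx):
    """Start a handshake over in-memory BIOs (no network) and return the ClientHello record."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has sent its hello and waits for a ServerHello
    return outgoing.read()

def offered_versions(record):
    """Return the set of protocol version codes a ClientHello record offers."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 9                                   # 5-byte record header + 4-byte handshake header
    legacy = struct.unpack_from(">H", record, pos)[0]
    pos += 2 + 32                             # legacy_version + random
    pos += 1 + record[pos]                    # session id
    pos += 2 + struct.unpack_from(">H", record, pos)[0]  # cipher suites
    pos += 1 + record[pos]                    # compression methods
    if pos < len(record):
        end = pos + 2 + struct.unpack_from(">H", record, pos)[0]
        pos += 2
        while pos < end:
            ext_type, ext_len = struct.unpack_from(">HH", record, pos)
            pos += 4
            if ext_type == 43:                # supported_versions (TLS 1.3-capable clients)
                n = record[pos]
                return {struct.unpack_from(">H", record, pos + 1 + i)[0] for i in range(0, n, 2)}
            pos += ext_len
    return {legacy}  # without the extension, the hello carries only the highest version

def server_choice(offered, server_accepts):
    """Server side of the negotiation: highest version both ends support, else None."""
    common = set(offered) & set(server_accepts)
    return max(common) if common else None

if __name__ == "__main__":
    policy = {0x0303, 0x0304}  # assumed server policy: TLS 1.2 or higher
    offered = offered_versions(capture_client_hello(ssl.create_default_context()))
    print("this client offers:", sorted(NAMES.get(v, hex(v)) for v in offered))
    print("server picks:", NAMES.get(server_choice(offered, policy)))
    outdated = {0x0301, 0x0302}  # constructed: a client too old to offer TLS 1.2
    print("outdated client gets:", server_choice(outdated, policy))
```

A client that offers TLS 1.2 or later passes the policy without any code change; only a client whose TLS library is too old to offer it ends up with no common version.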

 
