Deprecating support for TLS 1.0 and TLS 1.1
Scheduled Maintenance Report for Plivo
The scheduled maintenance has been completed.
Posted Nov 03, 2020 - 07:15 UTC
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Nov 03, 2020 - 07:00 UTC
What is changing?

To continue keeping communication and information exchange between you and Plivo secure, we are planning to deprecate older security protocols TLS 1.0 and TLS 1.1 due to several vulnerabilities associated with them. After the final deprecation timeline on November 3rd, 2020, requests using TLS 1.0 and TLS 1.1 will not be served. All requests will have to be made using TLS 1.2.

When is the change?

The deprecation deadline is November 3rd, 2020. Make sure you have upgraded and tested your applications to negotiate TLS 1.2 with the following endpoints:
Why the change?
TLS 1.0 and TLS 1.1 use the SHA-1 algorithm and weaker cipher suites for authenticating identities.

However, it has become dangerously weak due to several vulnerabilities identified in its suite. These vulnerabilities could potentially allow attackers to sniff your connection.

The greater enhancement in encryption of TLS 1.2 allows it to use more secure hash algorithms such as SHA-256 as well as advanced cipher suites, providing improved security when using Plivo services.

How do we change?

The upgrade process is usually a non-disruptive process. However, you will have to make sure your applications are updated and support TLS 1.2. Additionally, if you are using Plivo SDKs, ensure they are updated to the latest version. The below endpoints would be enforced with TLS1.2 :

Plivo API:

What is the impact?

On November 3rd, 2020, we will reject TLS 1.0 and TLS 1.1 requests sent to below endpoints:

If you have any questions or concerns about these changes, kindly get in touch with us through our Support Portal.
Posted Apr 20, 2020 - 14:42 UTC
This scheduled maintenance affected: Voice API (REST APIs and XML, Recordings) and PHLO.