Dropping Support for TLS v1.0 and v1.1

On April 1, 2024, Losant will no longer allow Transport Layer Security (TLS) v1.0 or TLS v1.1 connections to our MQTT broker, API server, incoming webhooks, or experience endpoints.

Why is Losant dropping support?

TLS v1.0 and TLS v1.1 were deprecated by the IETF in March 2021 due to several security concerns. Most major software vendors have since dropped support for those versions of the protocol, including Microsoft’s recent decision to remove any Windows dependencies that allow those TLS versions. Major web browsers also disable those versions by default.

Due to the nature of IoT hardware and the challenges in upgrading, Losant has continued allowing these connections until now. Given the elapsed time since the official deprecation, the evolution of IoT hardware, the precedent set by other major cloud providers, and the relatively small number of users that such a change will affect, we have decided to also drop support for these protocols.

What action must I take?

The vast majority of devices connecting to our MQTT broker through a secure channel are using TLS v1.2 or v1.3. If your devices are using these supported protocols, no action is required and there will be no disruption to your IoT applications.

However, if your applications do have devices connecting over TLS v1.0 or v1.1, you will receive an email in the next few days listing the devices in question. Before April 1, 2024, you must do one of the following to avoid a potential disruption to your IoT applications:

  • (Recommended) Upgrade your devices to establish MQTT broker connections over TLS v1.2 or TLS v1.3. How to accomplish this depends on your hardware; in some cases, new hardware may be required.
  • If upgrading is not an option, you may configure your devices to connect insecurely to our MQTT broker (mqtt://broker.losant.com:1883). We will continue to accept insecure connections over that protocol / port; however, we strongly recommend establishing secure connections if possible.
  • You may also set up a broker on your local network to act as a bridge between your devices and the Losant cloud broker, with communication between the network and cloud being over a secure connection. This article provides some guidance; note that such a solution requires additional hardware and more advanced setup.

As we approach the removal date of April 1, 2024, we will reach out to those users again if their devices are still not connecting securely with a supported TLS handshake.

What if I have questions?

The best place to ask questions is right here in our forums. We suggest searching for related topics and opening a new conversation if you cannot find the question already asked by another user.

If you need to provide sensitive information, please do not post it in this public forum; instead, you may PM those details to a Losant team member.

Thank you, and stay connected!

The Losant Team
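
As an added example (not Losant's code), this Python script pins a client to TLS v1.2 or newer, reports the version a handshake actually negotiates, and flags devices whose observed version falls outside the supported set. Port 8883 for the secure listener, the device names, and the sample version map are assumptions constructed for illustration.

```python
import socket
import ssl

# Versions the announcement says remain accepted after April 1, 2024.
SUPPORTED = {"TLSv1.2", "TLSv1.3"}

def make_client_context():
    """Client context that will not negotiate anything below TLS v1.2."""
    ctx = ssl.create_default_context()  # keeps certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def negotiated_version(host, port, timeout=5.0):
    """Handshake with host:port and return e.g. 'TLSv1.3'.

    Raises ssl.SSLError if the peer cannot do TLS v1.2 or newer.
    """
    ctx = make_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

def needs_upgrade(version):
    """True when a version string (as returned by SSLSocket.version()) is unsupported."""
    return version not in SUPPORTED

def flag_legacy(observed):
    """Return the sorted device names whose last observed version is unsupported."""
    return sorted(name for name, ver in observed.items() if needs_upgrade(ver))

# Constructed sample: device name -> version seen in your own connection logs.
SAMPLE_OBSERVED = {
    "pump-01": "TLSv1.2",
    "gateway-07": "TLSv1",
    "meter-12": "TLSv1.1",
    "cam-03": "TLSv1.3",
}

if __name__ == "__main__":
    print("to upgrade:", flag_legacy(SAMPLE_OBSERVED))
    # Port 8883 is assumed here (the conventional MQTT-over-TLS port).
    print("negotiated:", negotiated_version("broker.losant.com", 8883))
```

Clients built on paho-mqtt can take the same context through `tls_set_context()`, so the minimum version is enforced on the MQTT connection itself.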