- Creating a Passenger Name Record
- APIs are Made for People: Creating Human-Readable Messages
- Sessionless, It’s a State of Mind
- 5 Minutes to Reimagine the Business of Travel
- Spending tons of time creating customer proposals? Here`s how to fix it
- Better Development starts with Better Documentation
- Searching for the best Air offers with the Bargain Finder Max API
- User Feedback Guides the Developer Experience
- One search does not fit all – diversify and create traveler persona rules for Bargain Finder Max
- 3 Big API Trends: My Nordic API Summit Trip Report
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- March 2018
- January 2018
- November 2017
- October 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- January 2017
- December 2016
- November 2016
- September 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- December 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
Share this page
by Tracy Edes
What you need to know about upgrading from SSL and early TLS encryption protocols
Over the past few years, industry Security researchers identified vulnerabilities in the Secure Sockets Layer 3.0 (SSLv3.0), as well as early TLS versions of encryption protocol. In response, the Payment Card Industry (“PCI”) Council, as well as Visa and MasterCard, have issued a mandate that all merchants and service providers configure their systems in a manner to ensure secure connections between relevant system endpoints by June 30, 2018.
In support of this PCI mandate, Sabre will disable the ability to connect to the Sabre APIs using encryption protocol SSLv3.0, and all versions of Transport Layer Security (TLS) before version 1.2.
To connect with any Sabre system or access other PCI-compliant systems, the use of TLS 1.2 encryption will be required to conduct business. Upgrading to TLS 1.2 provides the highest level of protection against known vulnerabilities.
The use of TLS 1.2 is a security requirement regardless if the data being accessed is PCI related or not. As this is an industry-wide initiative, customer IT organizations should be determining what actions are required to comply. Customers using the public Internet to consume Sabre APIs fit that description, so the update to TLS 1.2 is imperative.
- From the PCI Security Standards Council:
“Due to the nature of web-based environments, e-commerce implementations have the highest susceptibility and are therefore at immediate risk from the known vulnerabilities in SSL/early TLS.”
- For more detailed information regarding Sabre APIs environments and versioning, visit the PCI Mandate page on the Sabre Dev Studio site.
- Not sure if you’ve completed the required upgrade? Use the following URLs to test the connection with your client application:
- Please see the full details of affected URLs/IPs on our API Versioning page. As of the June 30, 2018 date, Sabre will only support TLS v1.2 (and higher) encryption methods via the latest endpoints posted in our environments page.
The actions required will vary depending on the configuration used to connect to Sabre APIs, mainly based on client libraries/frameworks used and programming language.
As a starter, a simple test – from the customer application – against the endpoints provided above (depending on the use of SOAP and or REST APIs) should tell if the current configuration is compliant with TLS 1.2.
Here are some examples of exceptions/errors received when a connection cannot be established:
• .NET: “The request was aborted: Could not create SSL/TLS secure channel.”
• Java: “net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure.”
With that – and since each customer configuration can be unique – a review by customers IT department/development team is encouraged to ensure the necessary actions have been taken.
Finally, if you have any concerns about making the necessary changes by June 30, 2018, please use the Contact Us form.