I tried opening a ticket with Docusign Support, but they sent me this way instead. I'm hoping someone will be able to assist with this.
Starting on Nov. 16th at about 12:30 Central, we started getting errors in our application logs in our non-production environment. Upon investigation, it appears that https://demo.docusign.net/restapi started responding to TLSv1 queries with the following:
{
"errorCode": "TLS_INVALID_VERSION",
"message": "TLS Version is invalid, please update to TLS1.2 TLSv1.2 is
required. Currently using TLSv1"
}
This came as a surprise to us considering that Docusign was supposed to disable TLSv1 in their non-production environment many months ago. Back then, we tested our application against the above URL (after the supposed switchover) and everything was working with our application, so we assumed that production would continue to work when that was supposed to switch over. And it did.
The issue is that it turns out that Docusign seems to have not disabled TLSv1 when they said they were supposed to, which invalidated any testing we did previously. And now, we're at risk of our production environment failing at some unknown point in the future.
So, does anyone know when Docusign will be switching over the production environment so that TLSv1 is disabled? We're investigating the option to update the libraries in the app so they support at least TLS 1.1, but that may take some time and this is a critical issue for us.
Hugh
p.s. On a side note, the site says that TLS v1.2 is required, but it still responds to TLS v1.1.
