DocuSign removed TLS v1.0 from its approved security protocols on June 25th, 2018. This is in accordance with the Payment Card Industry Data Security Standard (PCI DSS) requirement to disable early versions of TLS and implement a more secure encryption protocol using TLS v1.1 or higher. For additional details see https://support.docusign.com/en/articles/End-of-TLS-1-0-and-weak-cipher-support.
Developer Options by Language
Developers who use the DocuSign API in their integrations can ensure their applications use TLS 1.1 or TLS 1.2 using the steps below. These differ depending on the language or library used.
- Build your application with .Net 4.6.1 or higher. Microsoft strongly recommends .Net 4.7.1. See: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
- Use version 2.1.10, or higher, of the DocuSign.eSign C# client library available on NuGet and here: https://github.com/docusign/docusign-csharp-client
- The protocol version can be specified for your application using the ServicePointManager class. The SecurityProtocol property allows you to specify the TLS version directly. Use the below line of C# code before you instantiate the DocuSign API Client in your REST or SOAP integration
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
- Java versions 6 (1.6) or lower are not compatible with TLS 1.1 or higher
(Some paid versions of Java 6 provide TLS 1.1 or 1.2 support. Check with your vendor.) See http://www-01.ibm.com/support/docview.wss?uid=swg21575620 and http://www.oracle.com/technetwork/java/javase/overview-156328.html
- Java version 7 (1.7) has support for TLS 1.1 and TLS 1.2, but this is not enabled by default. See https://www.java.com/en/configure_crypto.html
- Java versions 8 (1.8) or higher have default support for TLS 1.1 or TLS 1.2.
- PHP 7.0 defaults to TLS 1.1 or higher.
- PHP 5.6. See: http://php.net/manual/en/migration56.openssl.php (search for SSL/TLS version selection)
- Use the SSL_OP_NO_TLSv1 constant to turn off TLS 1.0. See https://nodejs.org/api/crypto.html#crypto_crypto_constants_1
Applications relying on OpenSSL (Perl, Python etc):
- OpenSSL v1.01 or newer supports TLS 1.1 and TLS 1.2.
- In newer versions, NSExceptionMinimumTLSVersion defaults to 1.2. See https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
Thanks to Drew Martin, DocuSign Developer Support Engineer, for technical input, review and edits.