According to a Quick Alert released by the IRS, the AIR A2A and UI systems will be dropping support for TLS < 1.2 in the coming months.
TLS is an encryption protocol that was designed to protect data as it’s being transferred across a network. Systems on the application layer provide encryption and decryption capabilities via the use of trusted certificates and this forms the basis for most HTTPS communications. TLS 1.2+ have been the standard across the software industry for sometime, so it’s good to see the IRS take this step to increase the security of communications from their ACA backend systems.
Who is affected?
In order to continue using IRS services, you will want to ensure you are using a browser that is capable of using TLS 1.2 and greater. In reality, this should only affect users that are on very old browsers. See below for a browser matrix with compatibility info:
For users of the A2A system, you’ll want to make sure your SOAP API can use TLS 1.2+ via configuration.
When does this go into affect?
To avoid system downtime, the IRS recommends updating your ACA AIR APIs and browsers to use TLS 1.2 and greater before August 1, 2022.
As a general rule, it’s good to test out your systems (both browsers and API services) with updates for the TLS 1.2 migration prior to August 1st, since these systems already support the newer protocol. Once you’re able to ensure the changes work correctly in your systems, you can deploy these changes prior to the deprecation date.
To ensure your systems continue to work smoothly we recommend:
- Updating your browser(s) to the latest supported version.
- Update your code to use TLS 1.2+ where possible.
If these aren’t possible due to internal constraints, we recommend consulting with an ACA software provider for more info.