System Announcements

13 February 2018 - TLS & SSL Certificate Strengthening for gTLD Registrars

We are pleased to announce the deployment date for the implementation of:

  1. Strengthened TLS requirements for EPP connections
  2. Strengthened SSL certificate requirements

Both changes will be deployed on 13 February 2018.

Please update your EPP connections to TLS 1.2 and ensure your SSL certificates are valid and signed by a well known Certification Authority (CA) as soon as possible.  The following changes will deprecate older versions.

The TLS change is in line with recognised best practice for EPP connection security levels and we strongly advise registrars to now check that they are using TLS 1.2 or higher for all EPP connections. 

The gTLD testbed (Operational Test and Evaluation - OT&E) will be updated on 5 December 2017 so that registrars may test their connections should upgrade activity be required to meet the 13 February 2018 change date.

From 13 February 2018 you will need to use TLS 1.2 or higher for your EPP connections and connections attempted using lower TLS levels will fail. 

From 13 February 2018 it will no longer be possible to make an EPP connection where the client SSL certificate is invalid or missing. Certificates must be signed by a well know Certificate Authority (CA) and be valid (i.e. not expired). We advise registrars to review their certificate signing and renewal processes to ensure that their certificates are valid. 

If you have any questions regarding this system update, please contact our customer services team on +44(0)1865 332481 or via email.

Date Announced: 
Friday, November 10, 2017 - 13:19