Description

The TLS protocol as it is implemented for example by Microsoft, as well as the SSL protocol 3.0 and possibly earlier versions, have been found to be vulnerable to man-in-the-middle attacks, see CVE-2009-3555.

As a result, these protocols will be disabled in Scrive eSign as of 2 May 2024.

Impact

If you have an integration with Scrive eSign. You need to review and if necessary adapt your integration.

Recommendation

• Identify any used HTTP clients that are connected to Scrive eSign.
• Assess the capabilities of the HTTP clients used. You can do this also by making sure that these can connect reliably to our api-testbed environment where the new limitations on the TLS handshake are already in force.

Contact

If you have any further questions, feel free to reach out to Scrive Tech Support by writing an email to support@scrive.com referring to esign-002-2024.