Greenhouse will be deactivating support for TLS v1.1 on August 12, 2019 across our public facing applications, including Greenhouse Recruiting, Greenhouse Onboarding, Business Intelligence Connector, Job Boards, and the Harvest API.
We are providing you advanced notice so that our customers and partners can prepare accordingly. If you are using unsupported clients to connect to Greenhouse after the deprecation of TLS v1.1, you will begin receiving connection error messages.
Service | URLs |
Greenhouse Recruiting | https://app.greenhouse.io, https://app2.greenhouse.io, https://<sso-custom-domain>.greenhouse.io |
Greenhouse Onboarding | https://onboarding.greenhouse.io |
Greenhouse Job Boards | https://boards.greenhouse.io |
Harvest API | https://harvest.greenhouse.io |
Job Boards API | https://api.greenhouse.io |
Greenhouse Recruiting and Events Mobile Applications | https://api.greenhouse.io |
Business Intelligence Connector | jdbc:redshift://redshift.greenhouse.io |
Why are we deactivating TLS v1.1?
We are deactivating TLS v1.1 to ensure that Greenhouse Software is providing our customers and partners with safe and secure protocols for our connections. This change is enforced throughout the industry to maintain secure connections that encrypt and protect your sensitive data from malicious breaches. All major browsers will begin requiring a minimum of TLS 1.2 starting in early 2020, and many networking services have already required TLS 1.2 and higher.
Am I affected?
Greenhouse has done some initial analysis and the deprecation of TLS v1.1 should only affect < 0.1% of our total traffic. There are two major categories of users that could be affected by the deprecation of TLS v1.1:
1. Customers and candidates using old browsers or mobile devices
This includes customers using unsupported browsers to access Greenhouse Recruiting and Greenhouse Onboarding applications as well as job applicants accessing job boards hosted by Greenhouse.
Supported Browsers
You can use the following website to easily determine if your browser supports a version of TLS > v1.1.
https://www.ssllabs.com/ssltest/viewMyClient.html
Browser | Version | Notes |
IE | 11 | Can be enabled in 8 |
Edge | 12+ | Supported in all versions |
Firefox | 27+ | Released Feb 3, 2014 |
Chrome | 30+ | Released Aug 19, 2013 |
Safari | 7+ | Released Oct 21, 2013 |
Opera | 12.1, 17+ | Released Nov 4, 2012 |
iOS Safari | 5+ | Released Mar 6, 2012 |
Opera Mini | All | |
Chrome for Android | 74 | |
Firefox for Android | 67 |
Table generated from data at https://caniuse.com/#search=tls%201.2
2. Customers using HTTP clients to connect to our Harvest and Job Boards API
Customers who have written their own API clients and are using clients that do not support TLS v1.2 and above will no longer be able to successfully connect to our Harvest and Job Boards API. Customers must ensure that they are using an HTTP client library which supports TLS 1.2 before the deprecation date.
Greenhouse will perform analysis on connections to our Harvest API, Job Boards API, and Business Intelligence Connector and will proactively communicate with affected customers to ensure a smooth transition. We encourage each customer that utilizes these APIs to ensure that they are prepared for the deprecation date and to not rely solely on our communication.
You can use the following API to easily test the library you are using for API connections to Greenhouse to ensure it supports TLS v1.2 or greater.
https://www.howsmyssl.com/a/check
The HTTP response will contain a tls_version
value which contains the highest version of TLS that is supported by the client.