Hi, I’ve been developing an app using the Companies House API but a recent security review identified that the server ‘https://api.companieshouse.gov.uk/’ still supports TLS 1.0 and because of this I am being prevented from rolling out my app to other users.
According to the security report:
Due to historic export restrictions of high grade cryptography, legacy and new web servers are often able and configured to handle weak cryptographic options. Even if high grade ciphers are normally used and installed, some server misconfiguration could be used to force the use of a weaker cipher to gain access to the supposed secure communication channel. Ciphers such as SSLv2/SSLv3/TLSv1.0 should not be supported by the server, or Ciphers that utilize a NULL cipher or have weak key lengths. TLS 1.0 has been declared end of life by most systems, and should no longer be used. More info at https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)
Are there any moves within Companies House to stop supporting this cypher for the API?
Thanks, David