If you run an inworld service that logs in as a scripted agent (aka, a bot), or maintain a Third Party Viewer, please pay attention. This blog post is for you.
We are making some changes to improve the security of Second Life!
On November 1st, 2021 we are going to be discontinuing the use of two older security protocols, TLS 1.0 and TLS 1.1, on our login services. We’re doing this to increase the security of everyone on the grid.
In March of 2021 the Internet Engineering Task Force (IETF) officially deprecated these two older protocols, and now we’re gonna do the same. TLS 1.0 was released in 1999, and TLS 1.1 was released in 2006, and while they’ve had a good run, it’s time for them to enjoy a nice retirement into Internet history.
On Wednesday afternoon this week we inadvertently turned off TLS 1.0 and TLS 1.1, and we received reports that several inworld services (such as older bots and some very old Third Party Viewers) were unable to log in. Since we hadn’t given Residents any warning this was going to happen, we turned them back on this morning. We want to make sure folks have a chance to update their services before we turn them off again permanently on November 1st, 2021.
If you were impacted by the sudden removal of these older security types this week, we’re sorry they were turned off without warning. We should have communicated it better. We also want to thank you for taking the time to improve the security of your service! The grid will be safer for us all as a result.
For everyone else, you have nothing to do! Our viewer, and almost all of the popular Third Party Viewers have been using the latest versions of TLS for years. You’re all set!
Looking forward to a more secure Second Life,
April Linden, Gridbun