Xero API TLS 1.2 upgrade guide for Ruby
Xero is deprecating the use of TLS 1.0, and suggesting all API users upgrade their integrations to use TLS 1.2
30th of June 2018 Xero will be deprecating the use of TLS 1.0 for any application communicating to any Xero API product. After this date, all applications communicating with Xero products must use TLS 1.1 or above. While it isn’t mandatory, we recommend applications upgrade to TLS 1.2 as the Xero API already has support for this.
Or get the news directly from Yas & Yasmine live from Xero DevTV
More in-depth details on how/why:
- Xero Dev Portal TLS notification
- Xero Dev Blog TLS post
Using Ruby? How to check Ruby is using TLS 1.2
Ruby version 2 by default uses TLS 1.2, so in most cases you should be fine. If you’re not using Ruby v2, now is the time to upgrade. If you can’t upgrade I’d suggest you test your integration and explicitly set TLS 1.2 to be used.
Using Xeroizer gem?
Two tests have been added to the test suite for the latest version of the Xeroizer gem, to automate testing/checking TLS 1.2 support.
You can find out more details about what’s included in the latest release of the Xeroizer gem here.
How to test with Xeroizer:
- Update to the latest version of the gem
- Run the tests
rake test - Success
Using Xero Gateway gem?
Two tests have been added, but won’t be pulled into master. If you’d like to use them, you can clone this fork, or just grab the test file: https://github.com/rjaus/xero_gateway/tree/tsl-12-upgrade
How to test with Xero Gateway:
- Clone repo or copy paste the test file.
- Run the tests
rake test - Success
Rolled you own gem?
You probably don’t need any help with writing a test then. You can always refer to how it’s been done in the above repo’s. Here is an additional resources that might help: https://www.proctor-it.com/ruby-tuesday-ssl-version-in-ruby/
OpenSSL Upgrade:
Ruby utilises what ever version of OpenSSL you have installed on your system. So you may want to upgrade this as well. After the heartbleed bug, most of you have probably already upgrade to a relatively recent version.
You can use the following command to determine which version of OpenSSL Ruby is using.
ruby -ropenssl -e 'puts OpenSSL::OPENSSL_LIBRARY_VERSION'
If your version is below 1.0.1c, consider upgrading.
Need to upgrade? Check these resources
- RVM & OSX: https://www.mattburkedev.com/update-openssl-for-all-rvm-rubies/
- Update with RubyInstaller (Windows): https://github.com/oneclick/rubyinstaller
Got problems?
Still having problems? Reach out on twitter @RileyJamesAU or @XeroAPI or email support: api@xero.com
