Harvest is Deprecating TLS v1.0 and v1.1

On August 3, 2020, we will be making some updates to keep Harvest secure. Below, you’ll find an outline of what’s changing, and details on what you’ll need to do. For most of our customers, Harvest will continue to work as normal without requiring you to take any actions. But in some cases, updates will need to be made to continue using Harvest.

We’ll go into what’s happening technically, and then what you may need to do on your end below. 

Note that the customers who will be most impacted by this will be those using our API. We’ll be sending out reminders to those customers as August 3rd approaches.

What’s changing?

When your browser, app, or integration communicates with Harvest, all data is encrypted in transit, and all connections use TLS. There are multiple major versions of TLS, including v1.0, 1.1, 1.2, and 1.3. Versions 1.0 and 1.1 are deprecated and should no longer be used.

On August 3, 2020, we’ll require all communications with Harvest to use TLS version 1.2 or greater.

Who does this impact?

If you access Harvest from the web

If you use an updated and supported browser you don’t need to do anything. Here’s the list of supported browsers: https://help.getharvest.com/harvest/faqs/overview/supported-browsers/

If you access Harvest from an app (such as our mobile apps, or desktop apps for Mac and Windows)

To ensure the usage of TLS1.2  you need to use a recent version of our apps. You can download the most recent version of our apps from their respective app stores:

• Harvest for iPhone: https://www.getharvest.com/apps-and-integrations/iphone
• Harvest for Android: https://www.getharvest.com/apps-and-integrations/android
• Harvest for macOS: https://www.getharvest.com/apps-and-integrations/mac
• Harvest for Windows: https://www.getharvest.com/apps-and-integrations/windows

If you use the Harvest API

For API usage, check to see if you’re already using TLS 1.2 or greater. Luckily, if you are using modern versions of your programming language, HTTP libraries, and frameworks, you probably don’t need to update anything. 

If you do need to make updates, the steps to take will be different depending on your situation. If you’d like help determining how to upgrade, please reach out to us and include your programming language, HTTP library, and/or frameworks, and we’ll point you in the right direction.

What if I need to make these updates but I don’t?

If you do nothing and your browser/app/library uses TLS version 1.0 or 1.1, Harvest will refuse your app’s HTTP requests beginning August 3, 2020. This means you won’t be able to access Harvest or data stored in Harvest until you upgrade to use TLS version 1.2 or greater. We encourage you to upgrade before this date to not experience any problems.