Summary
In keeping with industry standards, Sauce Labs will be fully deprecating support for the TLS v1.0 and TLS v1.1 protocol versions. This will affect all HTTPS traffic connecting to Sauce Labs, including:
- Test runners
- API clients
- Web browsers that access the Sauce Labs UI
As of November 2019, the great majority of HTTPS traffic to the Sauce Labs service uses TLS 1.2 (99.9% or higher). Most customers will not need to take any advance action; where possible, customers known by Sauce Labs to be using older versions of TLS have already been notified directly. Nonetheless, customers should verify the following:
Timeline and status
- Initially planned for Feb 1st 2020, this work was pushed back.
- July 8th 2020: TLS 1.0 and 1.1 connections are no longer supported on Sauce Labs endpoints in all DCs, other than ondemand.saucelabs.com (and DC equivalents).
- Future date TBD: TLS 1.0 and 1.1 connections to Sauce Labs ondemand endpoints (e.g. ondemand.saucelabs.com) will no longer be supported in any DC.
Test Runners
Any test runner that uses the Sauce Labs cloud (the saucelabs.com or app.testobject.com application, the REST interfaces under the saucelabs.com/rest/* path, or the equivalents for the EU and US-East/Headless data centers) must use a version of Java that supports TLS 1.2. This may affect Bamboo, Jenkins, Jira Server, Confluence Server, or any other Java-based system that connects to Sauce Labs. Customers will need to check the underlying version of Java used in these programs and, if necessary, upgrade to a version that supports TLS 1.2.
Similarly, any test runner that uses the Sauce Labs ondemand endpoints at https://ondemand.saucelabs.com (and the equivalents for the EU and US-East/Headless data centers) must support TLS 1.2 as of October 5th 2020.
Java
Unaffected Java versions:
- JDK 8 and later
- JDK 7 versions 1.7.0_131-b31 and higher
Affected Java versions:
- JDK 7 versions earlier than 1.7.0_131-b31
- JDK 6 and earlier
Python and OpenSSL based languages
For Python and any other OpenSSL-based language, you will need to make sure TLS 1.2 or above is supported.
TLS 1.2 is supported from OpenSSL version 1.0.1 onward.
To check which version of OpenSSL is used on your machine, run:
python -c "import ssl; print(ssl.OPENSSL_VERSION)"
python -c "import ssl; print ssl.OPENSSL_VERSION" #python2
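The Java and OpenSSL thresholds listed above can be turned into a check that runs over version strings collected from build agents and test runners. This is an added example, not Sauce Labs code; the function names and the sample version strings are constructed for illustration.

```python
import re
import ssl

# Thresholds as stated on this page.
OPENSSL_MIN = (1, 0, 1)        # first OpenSSL release with TLS 1.2
JDK7_MIN = (131, 31)           # 1.7.0_131-b31 -> (update, build)

def openssl_supports_tls12(version_string):
    """True/False for an OpenSSL version string; None when it is not
    OpenSSL (e.g. LibreSSL), where the page's threshold does not apply."""
    m = re.match(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        return None
    return tuple(int(g) for g in m.groups()) >= OPENSSL_MIN

def java_supports_tls12(version_string):
    """Classify a Java version such as 1.7.0_131-b31, 1.8.0_252 or 11.0.2."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.\d+)?(?:_(\d+))?(?:-b(\d+))?", version_string)
    if not m:
        return None
    major, minor, update, build = (int(g) if g else 0 for g in m.groups())
    feature = minor if major == 1 else major    # 1.7.x -> 7, 11.x -> 11
    if feature >= 8:
        return True
    if feature < 7:
        return False
    # JDK 7: a missing build number is treated as affected (conservative).
    return (update, build) >= JDK7_MIN

def strict_client_context():
    """Client context that refuses anything below TLS 1.2 (Python 3.7+)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    # Constructed sample version strings, plus the local runtime.
    for v in ("1.6.0_45", "1.7.0_80-b15", "1.7.0_131-b31", "1.8.0_252", "11.0.2"):
        print("Java", v, "->", java_supports_tls12(v))
    for v in ("OpenSSL 0.9.8zh 14 Jan 2016", "OpenSSL 1.0.1f 6 Jan 2014", ssl.OPENSSL_VERSION):
        print(v, "->", openssl_supports_tls12(v))
    print("local TLS 1.2 support:", getattr(ssl, "HAS_TLSv1_2", False))
```

A version string alone does not prove TLS 1.2 is enabled, since a build can disable it, so the `ssl.HAS_TLSv1_2` flag and a connection made through `strict_client_context()` are the stronger checks for the local runtime.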
C#
.NET 4.6 and above will work, as TLS 1.2 is supported by default.
For .NET 4.5, TLS 1.2 is supported, but it is not a default protocol, so you need to opt in to use it. The following code makes TLS 1.2 the default. Make sure to execute it before making a connection to a secured resource:
// Requires: using System.Net;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
API Clients
Any API client (such as curl) that queries a Sauce Labs API endpoint must support TLS 1.2. Check the libraries your clients use to connect to our REST API at api.saucelabs.com or saucelabs.com/rest/* and be sure these libraries support TLS 1.2.
Web Browsers
Browsers that load the Sauce Labs UI at https://app.saucelabs.com (and the equivalents for the EU and US-East/Headless data centers) and https://app.testobject.com must use TLS 1.2 or higher. A full list of such browsers: https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
Loading this page in a browser will report if the browser supports TLS 1.2: https://www.ssllabs.com/ssltest/viewMyClient.html
Some browsers also make the TLS version visible in their developer tools or after clicking the padlock icon in the address bar.
Error Messages
Connection requests that are not in compliance with the TLS 1.2 protocol version or higher will result in an HTTP response code of 406 or an SSL handshake protocol version failure.