To ensure your data remains secure, we are deprecating HTTP in favor of HTTPS. Adobe Livefyre will disable all HTTP and insecure SSL/TLS ciphers completely by end of August 2018. This is an Adobe Standard designed to protect the privacy of you and your users.
This could impact Livefyre customers who have:
All Livefyre customers must communicate with all APIs via HTTPS for all traffic, including:
Server to Server and Mobile HTTP Clients must support TLS 1.2
Change hostnames from {*}.<network>.fyre.co
to <network>.{*}.fyre.co
. For example, the host name example.network.fyre.co
changes to network.
example.fyre.co``. For example:
bootstrap.<network_name>.fyre.co
to <network_name>.bootstrap.fyre.co
quill.<network_name>.fyre.co
to <network_name>.quill.fyre.co
admin.<network_name>.fyre.co
to <network_name>.admin.fyre.co
You may already use HTTPS, but Livefyre recommends you double check, especially if you have:
Even if you already use HTTPS, you must verify that your API clients support TLS 1.2.
A person who works on the development of your site can:
Oracle and OpenJDK JVMs for Java 8 and later are configured to use TLS 1.2, by default, for all SSL connections. You do not need to take any additional action if you use Java 8 or later.
Users of Java 7 or earlier should consult public documentation on how to enable TLS 1.2.
Livefyre does not have SSL certificates on {*}.<network>.fyre.co
domains. Simply changing the URL to HTTPS breaks the application.
No. You can patch the code instead. To patch the code, you modify some static strings and rebuild the code. If your HTTP client is out of date, you’ll need to upgrade that as well or use a different one.
The length of time this takes depends on your setup. If you have a simple implementation, it should take little time to confirm. If you have many customizations, you will need to test and deploy updated code to your servers or new Apps to App Stores. For best results, we recommend you do an initial audit of the work so you can plan for any longer-term work.
Livefyre will disable port 80 (HTTP) to our services by the end of August 2018 and support only connections to 443 (HTTPS). Browsers and other clients, that attempt to use HTTP, will fail.
All customers must use HTTPS by the end of July 2018. If you cannot meet this deadline, contact our team at prioritysupport@livefyre.com.