Community Help

StevenPP · ‎04-16-2024

Hiya,

We noticed yesterday around 10:30 UTC that all Badgr URL's appear to have stopped offering TLS 1.2 and now only offer TLS 1.3 (https://testtls.com/eu.badgr.com/443). Some host systems do not support TLS 1.2 or require workarounds. This has caused some issues for us. TLS 1.2 is still widely used and considered secure as long as certain cypher suites are avoided.

Has anyone else noticed this, or has it been communicated anywhere? I'm not sure if this has happened in error or was a planned deprecation.

DavidGrey · ‎05-02-2024

Yes we noticed this last week. We spotted it when an integration we have with the Badgr API started failing and had to upgrade one of our servers to enable it to support TLS1.3. Since then we've also noticed that Badgr fails to load in courses in our self-hosted Canvas with the very helpful 'Failed to load. Server error' message. We're guessing that this is also due to TLS1.3. We've upgraded that server so that OpenSSL now supports TLS1.3 and we've verified that OpenSSL can connect to Badgr from that server using TLS1.3, but Badgr is still not working in Canvas.

We've no idea how to go about getting Badgr working again in Canvas so any suggestions would be very welcome.

jmerlenbach2 · ‎05-10-2024

I'm not sure if either of you were able to resolve your errors since, but Instructure did release a notification that an upgrade from TLS 1.2 to 1.3 was going to be required in Canvas Catalog (https://community.canvaslms.com/t5/The-Product-Blog/Important-Security-update-within-Catalog-action-...) as of early June. More details are available here about specific ciphers: https://community.canvaslms.com/t5/Canvas-Change-Log/2024-API-and-CLI-Change-Log/ta-p/591713#:~:text...

We did not have any operational impact (cloud hosted instance of Canvas), but it is alarming that a breaking change like this occurred without meaningful, product specific communication.

StevenPP · ‎05-17-2024

Thanks for the replies. It looks like for Catalog at least, they're not removing support entirely for TLS 1.2 but just removing the ciphers that are no longer considered secure. That is what I would have expected for Badgr too, rather than removing TLS 1.2 support entirely.

We did receive confirmation from Canvas that the Badgr change was intentional and will not be reverted after my post here. I do find this quite worrying when I can find no ahead of time notification about this change. We've managed to find an acceptable workaround for now.

Badgr no longer offering TLS 1.2

badgr

security

TLS

Credential recipient identifier URL

Problemas de acceso para algunos alumnos

No Direct Public Assertion Link in Notification Ma...

Pathway "Add Integration" button not working

Canvas Credentials consumer key, secret, and confi...