Security when connecting to the internet is important. In modern computing, this security is provided by the TLS protocols. The Transport Layer Security protocols have new versions released occasionally that offer the latest security features.
To prevent people from continuing to use an old version forever, older versions are eventually deprecated. Ideally, this happens before any security vulnerabilities are practically exploitable in them. The first two releases of TLS, versions 1.0 and 1.1, are being deprecated. The preferred TLS versions are the more modern 1.2 and 1.3.
Note: TLS may sometimes be incorrectly referred to as SSL or Secure Sockets Layer. This was a previous protocol that performed the same task but worked differently. Additionally, both publicly released versions of SSL – versions 2 and 3 – are now considered insecure.
Slack is one of the early deprecators of TLS 1.0 and 1.1. This approach is evidence of its commitment to security. While Slack can easily control the security protocols its own software uses, third-party developers may not keep up.
Old apps or integrations may be continuing to use the older versions of TLS because they were never updated to support newer versions. Connecting with older, weaker security standards runs the risk of the data being compromised. Eventually, the affected user or integration will not be able to connect to Slack anymore.
How to Check If Users or Integrations Are Using Deprecated Versions of TLS
To help identify which users or integrations need to update to continue to be compatible, Slack offers a service that lets you see who in your workspace has connected or attempted to connect with outdated security protocols. To do this, you need to go to the TLS section of the settings. Unfortunately, there’s no direct way to get there from the main Slack application.
You’ll instead need to go through the member management settings. To get there, click on the workspace name in the top-right corner. Next, in the dropdown menu, select “Settings & administration.” Then “Manage members” to open the Member management page in a new tab.
Once you’re on the member management page, click on the top-left corner’s burger menu icon. Select “Support for Transport Layer Security (TLS)” from the list.
In the TLS section, scroll to the bottom of the page. Here you can check if your workspace has any users or integrations that suffer from TLS deprecations. You can download the data in a CSV format by clicking “Download CSV.”
TLS is the backbone of modern internet security. Older versions are weak and have security vulnerabilities; however, that is getting more feasible to exploit. By following the steps in this guide, you can check if any users or integrations in your workspace are attempting to connect using outdated TLS protocols.