
Greg-DB
Dropbox Staff
3 years ago

Reminder: The Dropbox API will no longer accept TLS 1.0 or 1.1

Beginning on or after April 13, the Dropbox API will require that calls use TLS 1.2 or greater. Traffic using TLS 1.0 or 1.1 will be rejected.

 

The latest Dropbox SDKs will select TLS 1.2 when available in the environment, but versions over two years old may require an update. In particular, users of the Dropbox Java SDK should update to v3.1.1 (released June, 2019) or later, and users of the Dropbox Python SDK should update to v8.4.1 (released November, 2017) or later.

 

TLS 1.2 has been the default on major mobile & desktop operating systems since 2014. Developers whose application may be run in older or unusual environments should investigate to ensure compatibility.

 

Please ensure your apps use TLS 1.2 when connecting to the Dropbox API.

  • Eric Z.6
    Explorer | Level 3

    Hi Dropbox,

     

    We are currently using the following version in the Android apps. 

     

    implementation 'com.dropbox.core:dropbox-core-sdk:2.1.1'

     

    We will update to the required version. But development, testing and user updates will take much more than the 1 month left. We ask Dropbox to give us more time to comply.

     

    Thanks for the consideration.

    • Greg-DB
      Dropbox Staff

      Eric Z.6 Thanks for sharing this feedback. At this time I am unfortunately not able to offer extensions for this change, but I’m sending this feedback along to the team.

       

      For reference, we did send earlier advance notices about this change by email last year, but it sounds like those did not make it to you. For instance, perhaps they were caught by a spam filter. Please make sure that the email address on the account that owns your API app(s) is correct and can receive email. Additionally, make sure you haven't unsubscribed from "API announcements".

      • enpapi
        New member | Level 2

        We are using libcurl and are sure it will fall back to the appropriate protocol as reported by the Dropbox API server. However, the final results depend upon the configuration of the server too.

        Is there a way to test or simulate the API server changes before the 13th?

  • Robert S.138
    Helpful | Level 7

    I received an e-mail from Dropbox warning that "your app(s) TuneLab Tuning Files have recently made calls to the Dropbox API using a deprecated TLS protocol version."  I thought we had updated both our iOS and Android versions over a year ago.  I suppose it is possible that some users of our apps have not updated in all that time, but I would like to know if there is any test I could run to see whether or not the latest versions of my apps are using the deprecated protocol.  My inspection of the Android code shows the external library of com.dropbox.core:dropbox-core-sdk:3.1.5, which should be OK.  And the iOS code uses CocoaPods and references ObjectiveDropboxOfficial and a README.MD that says "The Official Dropbox Objective-C SDK for integrating with Dropbox [API v2] " which should be OK too.  The source files are dated 11/3/2020.  So that should be OK too.  But I don't trust this as proof that my apps are not using the deprecated protocol.  So how can I run a test to know for sure?  Is there a way I can simulate April 13th now?  Or monitor traffic?  The e-mail I got from Dropbox has got me worried.

    • Mark R.5
      Helpful | Level 5

      I would second that request of a simple test for peace of mind.

       

      I also got that email, but my apps should have been using compliant versions of the SDK for many years...

    • Greg-DB
      Dropbox Staff

      Robert S.138 Mark R.5 If you’ve already updated your app, this traffic may be coming from users still on an old version of your app. You may want to notify your users to update to the latest version of the app. We don't have a way to simulate the change, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though. If you'd like additional help verifying this, feel free to open an API ticket from the account that owns the app(s) in question and we may be able to offer some help.

      • Robert S.138
        Helpful | Level 7

        Can you at least confirm that the following is sufficient for avoiding the deprecated protocols:

         

        In the Android version of our app, the build.gradle file under the app folder contains:

         

        dependencies {
           . . . .
           implementation 'com.dropbox.core:dropbox-core-sdk:3.1.5'

           . . . .
        }

        and in the iOS version of our app, all the files in all the subdirectories of:

           Pods/ObjectiveDropboxOfficial

        have a file date of 11/3/2020.

         

        If it is not sufficient, tell me what else I could check.

  • DreamingDev
    Explorer | Level 3

    Hi Dropbox,

     

    We have received the mail regarding this issue, stating that:

    "We’re reaching out because your app(s) ... have recently made calls to the Dropbox API using a deprecated TLS protocol version."

     

    We would like to confirm the following:

     

    1. Does that mean our app did make calls using a deprecated TLS protocol version so that we received this mail? Or, is this just a notification regardless of whether our app communicates with deprecated TLS protocol version?

    By testing with our app, it seems that the latest version of our app uses the TLS 1.2 and 1.3 protocol versions. If receiving this mail is proof that our app uses a deprecated TLS protocol version, then the only possible reason may be that some of our customers still use an older version of our app, which may be kind of weird. Also, do you have any recommended way to test which TLS version our app is really using?

     

    2. We are using the curl library to send API requests to Dropbox with the setting of CURL_SSLVERSION_TLSv1. Under this setting, although it seems that we will use TLS 1.2 or 1.3 (depending on the version of the curl library), in case we may still send with TLS 1.0/1.1, we would like to know: after the deprecation of TLS 1.0/1.1 on April 13, will the request fall back to using TLS 1.2 or 1.3 automatically?  Also, is there any approach to test this situation?

     

    Look forward to your reply, thank you!

    • Greg-DB
      Dropbox Staff

      DreamingDev 1. If you received that email it means your app sent some amount of TLS 1.0 or 1.1 traffic to the Dropbox API recently. If you’ve already updated your app, this traffic is likely coming from users still on an old version of your app. We don't have a way to simulate the change, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though. 

       

      2. I can't provide support for specific third party network clients as they're not made by Dropbox, but in general yes, network clients should automatically use the best available and compatible protocol version. As above, I can't offer a way to test this ahead of time, but you may be able to enable some logging on your network client to check the protocol version being used.
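Added example, not part of the thread and not Dropbox or SDK code: one offline way to check which protocol versions a Python `ssl` client configuration would offer, by capturing its ClientHello in memory and applying the announced "TLS 1.2 or greater" rule to it. The function names, the `api.example.test` host name used in testing and the hand-built TLS 1.1 record are constructed for illustration, and a single-record ClientHello is assumed.

```python
import ssl
import struct

TLS_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def offered_versions(record: bytes) -> list[int]:
    """Return the TLS versions a ClientHello record offers, highest first."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 9                                    # 5-byte record + 4-byte handshake header
    legacy_version = struct.unpack_from("!H", record, pos)[0]
    pos += 2 + 32                              # client_version + random
    pos += 1 + record[pos]                     # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]                     # compression_methods
    if pos >= len(record):                     # old-style hello without extensions
        return [legacy_version]
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 43:                     # supported_versions (RFC 8446)
            count = record[pos] // 2           # 1-byte list length, 2 bytes per entry
            versions = struct.unpack_from(f"!{count}H", record, pos + 1)
            return sorted((v for v in versions if v in TLS_NAMES), reverse=True)
        pos += ext_len
    return [legacy_version]                    # TLS 1.2 and older: header field is the maximum

def accepted_after_cutoff(record: bytes) -> bool:
    """Model of the announced policy: rejected unless TLS 1.2 or greater is offered."""
    return max(offered_versions(record), default=0) >= 0x0303

def client_hello(ctx: ssl.SSLContext, host: str) -> bytes:
    """Capture the first flight a context would send, without any network I/O."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                                   # expected: client now waits for ServerHello
    return outgoing.read()

# Constructed sample: minimal TLS 1.1-only ClientHello (one cipher suite, no extensions).
_body = struct.pack("!H", 0x0302) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
LEGACY_HELLO = (b"\x16\x03\x01" + struct.pack("!H", len(_body) + 4)
                + b"\x01" + len(_body).to_bytes(3, "big") + _body)
```

Pass the same `SSLContext` settings your application uses to `client_hello` to see what it would offer; this checks the client's offer only, not what a given server finally negotiates.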

  • MarioEM
    Helpful | Level 6

    Dear Greg,

    My Android application was upgraded last year to use Dropbox-Core-SDK 4.0.0 dated 30.3.2021. I am also using okhttp-3.11.0 from August last year.

    I am very concerned that my Android app may not be fully compatible with the TLS 1.2 protocol, required from April 13.

    How can I check to ensure my Android application is fully compatible with Dropbox TLS 1.2 requirements?

    Please advise.

    Kind regards

    Mariusz

     

  • dodnewtech50
    New member | Level 2

    Hello there,

     

    I am attempting to update my application to be able to work with TLS 1.2. I have updated my dropbox module to version 11.7.0 in Pythonista. Now I get the following error: Timeout value connect was Timeout(connect=100, read=100, total=None) but it must be an int or float

     

    I have two questions: 1) Do you have any suggestions on how to address this error?

    2) Do I need to update my API token now that I've made these changes?

    • Greg-DB
      Dropbox Staff

      dodnewtech50

      1) I believe that was a bug in an older version of the 'requests' library. Please update the version of 'requests' you have installed and try again.

      2) No, these TLS changes do not require you to change your access token(s).