Reminder: The Dropbox API will no longer accept TLS 1.0 or 1.1

Hi Dropbox,

We are currently using the following version in the Android apps. 

implementation 'com.dropbox.core:dropbox-core-sdk:2.1.1'

We will update to the required version. But development, testing and user update will take much more than 1 month left. We ask Dropbox to give us more time to comply.

Thanks for the consideration.

I received an e-mail from Dropbox warning that "your app(s) TuneLab Tuning Files have recently made calls to the Dropbox API using a deprecated TLS protocol version."  I thought we had updated both our iOS and Android versions over a year ago.  I suppose it is possible that some users of our apps have not updated in all that time, but I would like to know if there is any test I could run to see whether or not the latest versions of my apps are using the deprecated protocol.  My inspection of the Android code shows the external library of com.dropbox.core:dropbox-core-sdk:3.1.5, which should be OK.  And the iOS code uses cocopods and references ObjectiveDropboxOfficial and a README.MD that says "The Official Dropbox Objective-C SDK for integrating with Dropbox [API v2] " which should be OK too.  The source files are dated 11/3/2020.  So that should be OK too.  But I don't trust this as proof that my apps are not using the deprecated protocol.  So how can I run a test to know for sure?  Is there a way I can simulate April 13th now?  Or monitor traffic?  The e-mail I got from Dropbox has got me worried.

Hi Dropbox,

We have received the mail regarding to this issue, stating that:

"We’re reaching out because your app(s) ... have recently made calls to the Dropbox API using a deprecated TLS protocol version."

We would like to confirm the following:

1. Does that mean our app did make calls using a deprecated TLS protocol version so that we received this mail? Or, is this just a notification regardless of whether our app communicates with deprecated TLS protocol version?

By testing with our app, it seems that the latest version of our app uses the TLS 1.2 and 1.3 protocol version. If receiving this mail is a proof of using deprected TLS protocol version by our app, then the only possible reason may originate from some of our customers who still uses older version of our app, which may be kind of wierd. Also, do you have any recommended way to test on which TLS version our app is really using?

2. We are using the curl library to send API to dropbox with the setting of CURL_SSLVERSION_TLSv1. Under this setting, although it seems that we will use the TLS 1.2 or 1.3 (depending on the version of curl library), in case we may still send with TLS 1.0/1.1, we would like to know after the deprecation of TLS 1.0/1.1 on April 13, will the request be fallback to use TLS 1.2 or 1.3 automatically?  Also, is there any approach to test this situation?

Look forward to your reply, thank you!

Dear Greg,

My Android application has been upgraded last year to use Dropbox-Core-SDK 4.0.0 dated 30.3.2021. I am also using okhttp-3.11.0 from August last year.

I am very concerned that my Android app may not be fully compatible with the TLS 1.2 protocol, required from April 13.

How can I check to ensure my Android application is fully compatible with Dropbox TLS 1.2 requirements ?

Please advise.

Kind regards

Mariusz

Hello there,

I am attempting to update my application to be able to work with TLS 1.2. I have updated my dropbox module to version 11.7.0 in pythonista. Now I get the following error: Timeout value connect was Timeout(connect=100, read=100, total=None) but it must be an int or float

I have two questions: 1) Do you have any suggestions on how to address this error?

2) Do I need to update my API token now that I've made these changes?