nShift continues to increase the security of its applications and the way customers can interact with these. Recently we have tightened the TLS encryption requirements to allow only version TLS1.2 or higher.
Now we are taking the next step by removing support for unencrypted http across the entire Transsmart application stack.
Why?
Already since years the actual entry point to our applications has been an https endpoint. If any person or system was connecting to Transsmart over http, it would simply be redirected to use https instead.
This redirect goes unnoticed and works perfectly fine, but there are use cases where the initial http request contains authentication information and that was then sent to us unencrypted. This information can be sniffed by anyone monitoring your network traffic. Therefor, in order to better protect your credentials, we are soon going to remove the http-to-https redirect.
When?
The redirect will be removed on Tuesday January 2nd 2024 for QA systems.
On Tuesday February 20th 2024 it will be removed for production.
How should you prepare?
Make sure that the URL you have configured in your ERP/WMS or your browser favorites is set to connect over https:// directly. That is all.
What if not?
When connecting over http to Transsmart after we have removed the http-to-https redirect you will get a error message "404 - Connection refused. Please connect over https:// instead."
If you encounter this, you need to verify the way you connect and change the URL to https:// instead.