Developers Using TfL’s Open Data Feeds

On Tuesday 20 December at 14:40, we deprecated support for older cypher suites such as SSLv3, TLS 1.0 & 1.1. This is in line with security best practice and helps protect our free services from the security issues identified in older versions of these technologies.

We've rolled back our change, giving open data users extra time to update their tooling to support modern TLS versions (1.2 and 1.3)
We’ve rolled back our change, giving open data users extra time to update their tooling to support modern TLS versions (1.2 and 1.3)

It was brought to our attention by some of our Open Data users that this caused issues with legacy tools that did not support newer versions of TLS (1.2 & 1.3). These tools included older versions of Java SDK.

On receiving indication of issues, we rolled back our change at 17:00 on 20 December and service was restored to allow affected customers to consume our API, and to give time to update their tooling to support modern TLS versions.

We are aiming to reinstate the change again on Friday 6th January so updates will need to be implemented by this date.

You can test against our new configuration using the URL:

https://api-ssl.tfl.gov.uk

Details on supported cypher suites and related toolsets & browsers can be found at https://www.ssllabs.com/ssltest/analyze.html?d=api-ssl.tfl.gov.uk&s=104.16.26.236&latest