Even better security – dropping support for TLS 1.1

This change has been completed as of 18th July 2021.

Padlock on doorIn line with web browser providers such as Google, Apple & Mozilla, Zamzar is announcing the end of support for TLS 1.1, a cryptographic protocol used to secure communications between your web browser (or API client) and our systems.

From July 19th 2021 the main Zamzar website and the Zamzar Developer API will no longer support secure connections using the outdated TLS 1.1 protocol, so you will need to plan accordingly.

Why are you ending support?

In short – to make your use of our services more secure. Transport Layer Security (TLS) was originally developed by Netscape in the early 1990s and has undergone several revisions since then. TLS 1.1 was introduced in 2006, and is now out of date and no longer support in modern web browsers. TLS v1.2 and v1.3 provide safer, modern alternatives for connecting securely to web services. The Payment Card Industry (PCI) Security Standards Council is also recommending that websites drop support for TLS 1.1.

What does this mean if I use the Zamzar website?

If you want to use the main Zamzar website at https://www.zamzar.com you will need to ensure you are using a modern web browser capable of using up-to-date security protocols. This means using one of:

  • Chrome v29 or later
  • Firefox v27 or later
  • Safari v7 or later
  • Opera v16 or later
  • Internet Explorer 11 or later (or Edge)

Since the Zamzar website will no longer work with older web browsers we strongly recommend upgrading your browser before 19th July 2021 so that you can continue using our services. After this date we cannot guarantee that you will be able to convert files via the website when using older browsers.

What does this mean if I use the Developer API?

If you use the Zamzar Developer API at https://developers.zamzar.com/ (and associated endpoints at sandbox.zamzar.com and api.zamzar.com) you should ensure any client code that you use to connect to the API is not using TLS 1.1 to connect to our services.

We provide some guidance below on checking your TLS usage in popular languages, but you should also consult the “How can I test this?” section below to verify any updates or changes you make:

  • C# – Make sure that your client code is configured to use a modern TLS version for your System.Net.Http.HttpClient (see here for more info).
  • Curl – Supports TLS1.2 starting from v7.34, so ensure you are using this version or higher (download updates here).
  • Java – TLS 1.2 support was added to the JRE in 1.7.0_131-b12, so API calls made using older versions of Java may fail.
  • Node.js – Check the version of TLS that your “requests” package is using (see here for more info).
  • PHP – Uses the system-supplied cURL library, which requires OpenSSL. Ensure this version of OpenSSL is at v1.0.1 or later.
  • Python – Also uses the system OpenSSL so you should check this is later than v0.9.8. OpenSSL v1.0.1 supports TLS 1.2 by default.
  • Ruby – Also uses the system OpenSSL. OpenSSL v0.9.8 will no longer work, but OpenSSL v1.0.1 or later will work since it adds support for TLS 1.2.

How can I test this?

If you want to verify that your browser or client code is ok you can connect to https://www.zamzar.com/ to verify that you can still use Zamzar services.

If your connection is successful you should see the Zamzar website displayed. For example in a web browser that works you will see:

If you wish to test API access via client code then try sending an HTTP GET request to an API endpoint such as


… to verify that you can connect ok. If the connection is successful, you should see output like this:


Further Questions

If you have any further questions on this topic or need any advice from our engineering team please get in touch with us at support@zamzar.com.

Happy secure converting!
The Zamzar Team.

[Main padlock photo by Georg Bommeli]

%d bloggers like this: