2018-04-25

TLS 1.2 and coffee down my windpipe

Last week I received this mail while sipping coffee:
Hello,
This is Bloomberg Enterprise Data Support. We are sending you this email as a reminder of the notification RefID:14671
which was sent on the 31st of January 2018. Effective 2nd of June 2018 Data License Web Services will no longer support
TLS version 1.1 and below. Clients running TLS 1.1 or below will be required to upgrade to TLS 1.2.
A UAT environment is also provided for you to test the migration. Details are provided in the notification sent under
RefID 14671. Please see https://service.bloomberg.com/portal/notification/5198 to access this.
According to our logs at the end of March your connections for dl789431 were still TLS version 1.1 or below.
Thank you and please let us know if you have any questions on this. You can reply to this email without altering the subject
line or give us a call at one of the below numbers. Your reference number can be found in the subject line starting with H#.


I almost choked on my coffee and dropped the cup on the floor. As I had developed my Bloomberg
routines myself on an old Linux platform using PHP non supported anyway by Bloomberg, they only
support .Net and C#. I knew this would be lot’s of (extra) work. First I checked  what OpenSLL version
I was on:
 
Do OpenSLL 1.0.0K support TLS 1.2? Of course not. I was pretty sure OpenSLL is not something you
easily upgrade, so I decided to start by create a new server with a modern Linux system.
After some reading and very superficial testing I decided to go for OpenSUSE 42.3




OpenSLL 1.0.1. Supports TLS 1.2 so I was cool with my openSUSE. I spent the better part of last
weekend migrating my Bloomberg communication routines with everything around, which includes my
Data Warehouse. Monday morning I did my first production tests, they worked fine.
So now my Data Warehouse is migrated from Mageia Linux to openSUSE (most jobs still run in
the Mageia though). I hope to finalize the migration during this summer.

All’s well that ends well, but I do not like the way Bloomberg acted in this case. They claimed they sent a message in January We must upgrade from TLS 1.0 to TLS 1.2 and then they sit and wait until end of April, then they come back with the “ultimatum mail” above, actually stating “if you can’t comply second of june - Tough Luck “. Fortunately Bloomberg support is good, so even though they could not help since they do not support Linux nor PHP, they responded fast and could tell when my test shots  where ok making the test period short.