Does Asana's site stop supporting TLS 1.2?

When trying to connect to the site https://app.asana.com/api/1.0/ or generally https://app.asana.com/ on Windows Server 2012 R2 (which does not support TLS 1.3), I’m getting the error “The request was aborted: Could not create SSL/TLS secure channel.”

1 Like

Recently, we were still using win2012R2 too, without trouble, but we need to add that line in dotnet code and the equivalient in powershell scripts.

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Also, I think we also had to set a few registry keys to disable old procols, not sure.

But, a few weeks ago, we decided it was time to update, as we start getting troubles connecting other services, like Mailchimp, and some Asasa-like products we also connect in ours (Bridge24). For Mailchimp, we were absolutely unable to call them from 2012 r2, we never found any solution and had to install a temporary proxy, waiting for our server upgrade!

So we finally moved from win2012r2 to 2022 (aws ec2 instance) :slight_smile:

1 Like

Hi,

TLS 1.2 is still supported but we recently rolled out a new CDN which limits the TLS ciphers we support. [Change] Infrastructure (CDN) rollout and potential new 400 & 403 errors

This is the page which lists the supported ciphers: Supported protocols and ciphers between viewers and CloudFront - Amazon CloudFront

Apologies, I’m not too familiar with Windows Server, but there might be a way to configure preferred ciphers? This might not be relevant, but something I found: Manage Transport Layer Security (TLS) in Windows | Microsoft Learn

1 Like

Yep, that’s it!

Temporarily using https://deprecated-api.asana.com/api/1.0 fixes the problem.

If you encounter a critical problem during the January 2024 rollout, you can temporarily make requests to https://deprecated-api.asana.com/api/1.0 to route requests to our older infrastructure. We intend to remove this option on March 1, 2024.

Now I will try to find out how to solve the problem eventually. Thanks.

2 Likes

Hey Fred,

Do you know how the temporary proxy was installed or what tool/library you used to accomplish this? Also having issues with win2012r2 and Asana oauth and I can’t find any solution for it. Tried changing registry values and everything.

Yes I know, because I did :smiley:
In fact, there’s no magic, we quickly code something on another server more recent.
We asked server2 (win2016) to call mailchimp on our behalf, we coded something very quickly, waiting for time to install a new win 2022 server.
For a time, server 2012r2 was calling server 2016, which was calling mailchimp and other services affected by tls 1.2 issue / deprecation.
I suppose that if we did not do that in time, we would also get issue with asana oauth today.

After a lot of trial-and-error and despite the IIS Cryto’s “Best Practice” template, we had to allow the following Ciphers:

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Without those 2 Asana was blocking our API connections.

1 Like