By Nick Harris
Over the last month you may have seen notifications from Autodesk, or from us, warning of change to the version of the Transport Layer Protocol Autodesk (TLS) will support and the impact that may have on some of the applications which you are currently using. The first thing to say is that this change will not alter any of the functionality of the desktop applications or cloud services that you currently use. TLS is the protocol that applications use to encrypt security information that is sent to services delivered across the web. For example, if you use Microsoft Outlook with Office 365 or Hotmail you will probably have had to enter your username and password when you set it up. These security details are regularly used to authenticate you against the email provider’s web service. It is clearly important that your login details cannot be intercepted and stolen as they are passed for validation. TLS 1.2 was released in 2008 and has become the industry standard for encrypting security information for use with the cloud. With this announcement Autodesk is finalising the process of aligning its public facing security standards with the accepted internet best practice.
Autodesk use web authentication for many different applications, many of which are accessed directly through a web browser. Most modern web browsers have supported TLS 1.2 for some time, or are updated on a regular basis and so the switch to these protocols happens without the user even being aware. Desktop applications however may have been developed using previous versions of TLS and now need some re-engineering to work with 1.2. This can normally be done without too much disruption and, as in this case, a hotfix can be applied to the application to update the communication stack. With Autodesk desktop applications, TLS is used for a couple of things. The most common is for the process of single-user subscription products sending the Autodesk ID of the user across the internet to authorise the product. This ID is sent frequently and it is important that it is protected using the safest available encryption protocol. The second is where the desktop application communicates directly with an Autodesk web service to exchange sensitive file data. Specifically, Autodesk Revit can be used with the BIM 360 Design Service to host live Revit projects in the cloud. Again, a Revit user must use their Autodesk ID to authenticate with the BIM 360 service before they can work with the cloud hosted data.
Autodesk does a great job of making it easy to apply updates and hotfixes. If you haven’t done so already, we strongly recommend installing the Autodesk Desktop App. It provides an easy to use interface for receiving and applying all applicable product updates, hotfixes and other installable utilities. Alternatively, the location of these specific hotfixes can be found at the link below.