Category: Tech Insight

Let's EncryptThroughout May we’ve been migrating our domain’s security certificates. We’ve transitioned from certificates issued by GlobalSign to ones issued by Let’s Encrypt instead.

What Is A Security Certificate?

In essence, a security certificate is what allows you to connect to a website over a secure https connection (instead of traditional, insecure, http). A valid and strong security certificate is what ensures that the connection and traffic between your web browser and the website/service you’re using is encrypted.

What Is A Certificate Authority?

Put simply, a “Certificate Authority” (or CA for short) is an organization responsible for issuing and revoking security certificates. Popular CA’s include Comodo, Symantec, GoDaddy, and GlobalSign to name but a few.

Which Domains Are Affected?

All mid.as domains and *.mid.as sub domains (including our cloud-hosted customer’s domains).

Why Is This Happening?

Our security certificates were due for renewal in June. As part of our continuous commitment to provide visitors to our site and customers alike with the best possible experience, we took the opportunity to review who provides our security certificates. Let’s Encrypt provide HTTPS certificates to over 70 million domains. Switching to certificates issued by Let’s Encrypt allows us to simplify and automate the management of security certificates across our expanding MIDAS network.

Will I Notice Anything Different?

In short, no!

In order to migrate our CA from GlobalSign to Let’s Encrypt, we needed to remove the previous GlobalSign (AlphaSSL) certificate from each *.mid.as domain and install a new Let’s Encrypt certificate in its place. We have being doing this in a phased transition for all *.mid.as domains during the course of May. We’re pleased to report that this transition to Let’s Encrypt is now fully completed.

Here’s how the old and new certificate issuers now look for our *.mid.as domains:

CA Migration to Let's Encrypt
Migrating to Let’s Encrypt

We’d also like to reassure hosted customers that no domains, URLs, or IP addresses have changed as a result of this CA migration.

If you experience any issues or have any concerns, please don’t hesitate to reach out to us and we’ll be happy to help!

A note for cloud-hosted API users

Whilst unlikely, you may initially receive a certificate warning/error when making API calls. This will depend upon your code and development platform/language. Now that the security certificate for your dedicated *.mid.as sub domain has changed, it may temporarily prevent your code/app from working until you accept the new security certificate.

Also, in some rare cases, you may not be able to access the API if your platform/device is listed as incompatible in Let’s Encrypt’s certificate compatibility list.

Finally, please be aware that Let’s Encrypt issues auto-renewing certificates which are valid for fixed periods of 90 days.


As part of our ongoing commitment to the services we provide to our “cloud hosted” customers, we’ll shortly be upgrading our client servers to support HTTP/2.

HTTP/2 is the first major new version of the HyperText Transfer Protocol (HTTP) for two decades. It will eventually replace the previous HTTP/1.1 protocol which was standardized way back in 1997.

The primary goal of HTTP/2 is to overcome many of the shortcomings of the twenty-year old HTTP/1.1 protocol, particularly in relation to how content is delivered over the internet.

HTTP/2 focuses on optimizing the communication and flow of content between web servers and web browsers. When a user connects to a web site, their browser negotiates an HTTP session with the server. The type of session created will vary depending on the features supported by the browser and the server. If both ends support the latest HTTP/2 protocol, the server uses the HTTP/2 protocol to shape and optimize traffic before it passes through the network back to the browser.

Once the browser and server agree to use HTTP/2, they can utilize additional features such as compression and multiplexing to optimize the connection. If either the web server or the user’s web browser doesn’t support HTTP/2, the connection will fall back to the HTTP/1.1 protocol.

Benefits of HTTP/2

One of the main improvements over HTTP/1.1 is that HTTP/2 uses simultaneous connections (or multiplexing). Previously only one resource can be fetched from the server at a time. However with HTTP/2 multiple resources can be fetched over a single connection concurrently.

Another benefit is header optimization. Every request over HTTP contains header information. With HTTP/1.1, many of these headers are repeated over a single session. HTTP/2 removes redundant headers while compressing the remaining headers, leading to performance improvements.

Benefits to cloud-hosted MIDAS users

In terms of MIDAS, the benefit of our client servers supporting HTTP/2 is that users will see notable improvements in page load speed and responsiveness when using MIDAS.

In our pre-testing, we saw page load times via HTTP/2 improve by some 20% over the same pages loaded via HTTP/1.1

When will the upgrade happen?

We’ll be upgrading our client servers to support HTTP/2 over the coming weekend (15/16th July 2017). Other than a quick server restart, no additional downtime is expected. For more information, check our dedicated Service Status site (which already supports HTTP/2!), and follow us on Twitter for updates.

Will I need to do anything?

No action is required on your part!

If you’re running a modern operating system and web browser, you won’t need to do anything. Your browser will already support HTTP/2, and you’ll still access MIDAS in exactly the same way. Once our servers are HTTP/2 enabled over the weekend, your browser will adjust accordingly.

If you’re not running an HTTP/2 compliant browser/operating system don’t worry, you’ll still be able to connect to your hosted MIDAS system over HTTP/1.1 as before. For an improved MIDAS experience though, you may like to consider upgrading your operating system & browser to one that supports HTTP/2.

  • Edge Chrome Firefox Current versions of Edge, Chrome, and Firefox browsers fully support HTTP/2.
  • Safari Current versions of Safari support HTTP/2 on OSX 10.11+
  • Internet Explorer Internet Explorer 11+ supports HTTP/2 on Windows 10 only

UPDATE: Our network is now fully HTTP/2 enabled, and we’re seeing some great performance improvements too!


Disabling TLS 1.0 in early 2017

TLS stands for “Transport Layer Security” and is a cryptographic mechanism used to facilitate secure connections and communications over the internet. Several incarnations of the TLS protocol have been developed over the years (1.0, 1.1, and 1.2), with 1.0 being the oldest and now approaching the ripe old age of 18!

TLS 1.0 is now considered a “legacy protocol” and “weak” by today’s cryptographic standards, as it is susceptible to several vulnerabilities. Modern web browsers automatically default to preferring TLS 1.2 or TLS 1.1 over legacy TLS 1.0 connections, however some older browsers do not support the more modern and secure TLS 1.1/1.2 protocols.

As part of our ongoing commitment to security, in early 2017 we intend to drop support for legacy TLS 1.0 connections to our client servers. The vast majority of users will be unaffected by this change, but if you’re using an older web browser/operating system, you may need to update.

The minimum browser requirements for MIDAS v4.14 (and later) have also been updated accordingly.

The following table of web browsers provides additional guidance as to any action you may need to take to ensure you can continue to access our site/your hosted MIDAS system in 2017:

BrowserVersionComments
Microsoft Internet Explorer11OK (If you see the “Stronger security is required” error message, you may need to turn off the “Use TLS 1.0” setting via Internet Options → Advanced)
9-10OK (When running Windows 7 or newer, however you’ll need to enable TLS 1.1 and TLS 1.2 in Internet Explorer by selecting the “Use TLS 1.1” and “Use TLS 1.2” boxes via Internet Options → Advanced)
Upgrade Required (Windows Vista, XP and earlier are incompatible and cannot be configured to support TLS 1.1 or TLS 1.2 – Please update your operating system)
8 (or lower)Please update to a more recent version of Internet Explorer
Microsoft EdgeAll VersionsOK – No action required
Mozilla Firefox27+OK – No action required
23-26OK (Use about:config to enable TLS 1.1 or TLS 1.2 by updating the security.tls.version.max config value to 2 for TLS 1.1 or 3 for TLS 1.2)
22 (or lower)Please update to a more recent version of Firefox
Google Chrome (Desktop)38+OK – No action required
22-37OK – No action required (Provided you’re running Windows XP SP3, Vista, or newer, OS X 10.6 (Snow Leopard) or newer)
21 (or lower)Please update to a more recent version of Chrome
Google Chrome (Mobile)Android 5.0+ (Lollipop)OK – No action required
Android 4.4.x (KitKat)Device Dependent (Some Android 4.4.x devices may not support TLS 1.1 or higher. Please refer to your device manufacturer if unsure)
Android 4.3 (Jelly Bean) (or lower)Please update to a more recent version of Android
Apple Safari (Desktop)7+OK – No action required
6 (or lower)Please update to a more recent version of Safari
Apple Safari (iOS)iOS 5+OK – No action required
iOS 4 (or lower)Please update to a more recent version of iOS

Important Information For Hosted API users:

If you’re a cloud-hosted MIDAS customer utilizing the optional MIDAS API, please ensure that your applications and the underlying programming language you develop in can support (and are correctly configured for) TLS 1.1/1.2 connections. For instance Java 6 (1.6) (and lower) and .NET 3.5 (and lower) languages don’t support TLS 1.1/1.2.
If your applications/programming languages do not support at least TLS 1.1, your MIDAS API calls will begin to fail in early 2017 once we disable TLS 1.0.
Please refer to the vendor of your programming language if you’re unsure whether it supports TLS 1.1/1.2, or for assistance enabling such support in your development environment.

UPDATE: 1st April 2017

In advance of dropping TLS 1.0 support across our entire network this year, we’ve initially dropped TLS 1.0 support on our dedicated Service Status site. If you’re not sure whether or not you’ll still be able to access your hosted MIDAS system once TLS 1.0 support is dropped in the near future, please visit https://midas.network. If you’re able to visit this site without issue, then you’ll still be able to access MIDAS going forward.

UPDATE: 1st July 2017

As of today, our servers no longer accept TLS 1.0 connections. If you’re unable to access our site/a hosted MIDAS system, please upgrade your web browser.


We are delighted to announce the completion of our roll out of dedicated sub-domains for all our cloud hosted customers!

This follows a desire expressed by a few of our customers to be able to have their cloud-hosted MIDAS systems accessible via a dedicated sub domain.

The makeup of a URL containing a subdomain
The makeup of a URL containing a subdomain

What is a subdomain?

A subdomain is a part of a website’s domain name that comes before the main domain name, separated by a dot.

It functions as a separate website, but still shares the same primary domain name.

Think of it like an apartment within a larger building: it has its own address and entrance, but it’s still part of the overall structure.

Here’s an example:
Main domain: mid.as
Subdomain: demo.mid.as

Subdomains for new hosted customers

At the start of this year (2016) we began providing this to all new customers who chose a cloud hosted edition of MIDAS.

Let’s assume that your company was called “My Organization”. If you subscribed to a cloud-hosted edition of MIDAS in 2016, you would have been able to choose the dedicated MIDAS subdomain https://my-organization.mid.as for your hosted booking system.

However, if you purchased a cloud-hosted MIDAS system prior to 2016, you’d instead have been accessing your system via https://mid.as/my-organization.

This was before dedicated mid.as subdomains were available.

Subdomains for all hosted customers

The good news is that from today, we’ve now rolled out dedicated mid.as subdomains to all our hosted customers who purchased prior to 2016 as well!

So, if you previously accessed your hosted MIDAS system via https://mid.as/my-organization, you’ll now have the dedicated subdomain https://my-organization.mid.as. Old mid.as/my-organization URL’s will continue to work and redirect to my-organization.mid.as for some time.

If you purchased a cloud-hosted MIDAS system prior to 2016, we’d like to encourage you to update your bookmarks and links. Going forward, they should now point to your new dedicated mid.as subdomain!

There are a few things to note when updating your bookmarks/links:

  1. If your hosted MIDAS URL previously contained underscores (_), you’ll need to change these to hyphens () when updating your bookmarks and links.
    For example:
    https://mid.as/my_organization would now become https://my-organization.mid.as
  2. If your hosted MIDAS URL previously contained a domain name (other than mid.as) i.e. .co.uk, .com, etc, you’ll need to remove the end part when updating your bookmarks and links.
    For example:
    https://mid.as/myorganization.com would now become https://myorganization.mid.as
  3. If your hosted MIDAS URL previously contained any period characters (.) (other than the initial period in the primary “mid.as” domain), you’ll need to remove these when updating your bookmarks and links.
    For example:
    https://mid.as/my.organization would now become https://myorganization.mid.as

If you have any questions, or aren’t sure what the new dedicated subdomain for your hosted MIDAS system is, please don’t hesitate to contact us. Our team will be more than happy to help!