| Primary Care Support England |  |
| TLS 1.0 & 1.1 deprecation and testing Dear Colleague, To enhance security and provide best-in-class encryption for your data, we are making technical changes to the eGOS service in line with the industry-standard changes made to the Transport Layer Security (TLS) protocol. TLS 1.0 and 1.1 was formally deprecated by IETF (Internet Engineering Task Force) in March 2021. The broader technology sector, including governance/standards councils such as PCI, have been advocating or even requiring deprecation years before this, but in some instances still allowing its use via overrides for exceptional cases. Capita has continued to support TLS 1.0 and 1.1 beyond the formal date to allow clients time to uplift some of the more complex or legacy environments they interface/integrate with. However, Capita is now following suit and dropping support for these in October 2024, meaning the PCSE eGOS service will support only TLS 1.2> from 6 September 2024 onwards. For additional information on the deprecation of TLS 1.0 and 1.1, click here. Recommended action To avoid potential service disruptions, please check that your systems interacting with PCSE eGOS services are using TLS 1.2 or later. Then: – if your systems are already exclusively using TLS 1.2 or later, you don’t need to take any further action – if they still have a dependency on TLS 1.0 or 1.1, please ensure you transition them to TLS 1.2 or later by 6 September 2024 Testing We invite PMS providers to test the planned changes in the PCSE Online UAT environment from 8 August for a period of two weeks, ending 22 August 2024. If PMS providers experience any issues during the testing window, please email us as soon as possible at pcse.pmsegos@nhs.net, with a subject of ‘PMS TLS issue‘. Please explain briefly what has happened, include a screenshot of the error message and confirm the version of TLS being used. Our technical team will then investigate and implement any required changes. We’ll send you a reminder at the start of August, ahead of testing window. Future improvements to the eGOS service Once the TLS 1.0 and 1.1 version have been deprecated in September 2024, our next improvement will be the removal of the need for client certification when connecting to the eGOS service. This improvement will also be available for testing in due course, and we’ll keep you updated moving forward. Please share this communication with your relevant audiences. Best wishes, The PCSE Ophthalmic Payments Team |
