Adobe Sign Technical Notifications 2015-2016

API & Web App: Password Complexity rules will change in 2017

Adobe Sign is changing the password complexity rules to increase security. In early 2017, customers using the web application will be prompted to update their password, and will have 90 days to comply. Customers that login or provision users through the existing REST or SOAP APIs will have until mid-2018 to update their applications to comply with the Adobe Sign password security requirements. Information on how to transition to the new rules will be available for both customers and partners using the API in early 2017. 

New password criteria:

• A minimum of 8 characters, maximum of 100 characters
• At least one uppercase character
• At least one digit
• At least one special character (punctuation), except whitespace
• Cannot contain case insensitive username, first name or last name
• The new password will be rejected if it matches previously used passwords 

ACTION REQUIRED

In early 2017, web application users should update passwords when requested. Customers that provision users through the API will have until July 2018 to update their applications to use REST API to comply with the new password criteria. 

Integration: Support for the Adobe Sign integration with Salesforce v14 has ended.

Product updates, security updates and technical support for Adobe Sign for Salesforce v14 ended December 15, 2016. 

Version 18 is available now. Get the newest features, including: 

• Better user experience for both Salesforce Classic and Lightning views
• Greater status visibility
• Improved admin experience with advanced Lightning components
• New tools for advanced signing workflows 

ACTION REQUIRED 

Upgrade to the latest version of our integration with Salesforce. Customers using unsupported versions will be required to upgrade to a current version to continue to receive technical support. 

Integration: New Release of Adobe Sign for Microsoft Dynamics and end-of-life for the Adobe Sign integration with Dynamics v4

Microsoft Dynamics v5 is now available. This release includes improvements such as using Microsoft Turbo Forms and wider browser support. For information about upgrading to the latest version, contact your Customer Success manager.

Adobe Sign for Microsoft Dynamics v4 and earlier (on premise and online versions) will be discontinued on June 30, 2017. These versions will no longer be available after June.

ACTION REQUIRED

For both Microsoft Dynamics on premise and online, upgrade to Adobe Sign for Dynamics v5 before July 2017. You will be able to migrate all data from v4 and earlier to the latest version. Version 5 supports Dynamics on premise 2013, 2015, 2016 and Dynamics online

Security: End-of-support for TLS 1.0 and 1.1

Adobe will be removing support for TLS 1.0 and 1.1 protocols in 2017 to meet industry best practices for SSL/TLS security and for compliance with PCI standards (date to be announced). When TLS 1.0 and 1.1 support is dropped, customers who have not yet upgraded to TLS 1.2 or higher will be unable to access the Adobe Sign service.

ACTION REQUIRED

Follow the recommended system configuration for Adobe Sign for both your browser and desktop operating system so that TLS v1.2 is supported.

System Configuration Update: End of support for Internet Explorer 9

Adobe Sign will end support for Internet Explorer 9, in early March, to align with Microsoft's end of support for Windows Vista on March, 11 2017.

ACTION REQUIRED

Update hardware to supported operating systems, including Windows 7, 8 or 10 with one of the supported browsers listed in the Adobe Sign System Requirements.

Reminders

API: OAuth application support for SOAP API to be deprecated

With the December maintenance release, new OAuth applications are only able to access REST APIs. Existing applications and integration keys will continue to have access to both SOAP and REST APIs.

ACTION REQUIRED

Use the REST APIs when developing any new application. For more information, go to the Developer Center.

API & Web App: Support has ended for older Text Tag syntax.

Support for v1.0 text tags has ended. While v1.0 tags will continue to be honored in the service, no bugs or enhancement requests will be accepted for this syntax.

ACTION REQUIRED
Ensure your users are using 2.0 text tag syntax when creating new document templates. Review applications and existing templates that may contain older text tags and update them with the newer 2.0 text tag syntax. Refer to Creating Forms with Text Tags Reference Guide for details.

Security: Support for RC4 cipher has ended.

Use of the RC4 transport layer cipher will be discontinued the week of January 16, 2017.

API: SOAP APIs are being deprecated for new OAuth applications

With the next maintenance release in early December, new OAuth applications will only be able to access REST APIs. Existing applications and integration keys will continue to have access to both SOAP and REST APIs.

ACTION REQUIRED

Use the REST APIs when developing any new application. For more information, go to the Developer Center. 

Mobile App: Update the security settings on your Single Sign On (SSO) server

Apple has announced the enforcement of App Transport Security (ATS) for all mobile applications submitted to the App Store by the end of 2016. If you have configured your Adobe Sign account to use SSO login, and are using the Adobe Sign iOS mobile app, please ensure that your SSO server supports Apple’s App Transport Security (ATS) requirements.

ACTION REQUIRED

Update your servers to support Apple’s ATS requirements before December 1, 2016 in order to continue your SSO access to the Adobe Sign iOS application.

API & Web App: Support has ended for older Text Tag syntax

Support for v1.0 text tags has ended. While v1.0 tags will continue to be honored in the service, no bugs or enhancement requests will be accepted for this syntax.

ACTION REQUIRED

Ensure your users are using v2.0 text tag syntax when creating new document templates. Review applications and existing templates that may contain older text tags and update them with the newer 2.0 text tag syntax. Refer to Creating Forms with Text Tags Reference Guide for details.

Integration: New Release of Adobe Sign for Microsoft Dynamics and end-of-life for the Adobe Sign integration with Dynamics v4

Integration: New Release of Adobe Sign for Microsoft Dynamics and end-of-life for the Adobe Sign integration with Dynamics v4

Microsoft Dynamics v5 is now available for customers to preview. This release includes improvements such as using Microsoft Turbo Forms and wider browser support. For information about previewing the latest version, contact your Client Success Manager.

Adobe Sign for Microsoft Dynamics v4 and earlier (on premise and online versions) will be discontinued on June 30, 2017. These versions will no longer be available after June.

ACTION REQUIRED

For both Microsoft Dynamics on-premise and online, upgrade to Adobe Sign for Dynamics v5 before July 2017. You will be able to migrate all data from v4 and earlier to the latest version. Version 5 supports Dynamics on-premise 2013, 2015, 2016 and Dynamics online

Integration: Support for the Adobe Sign integration with Salesforce v14 is ending

Product updates, security updates and technical support for Adobe Sign for Salesforce v14 will end on December 15, 2016.

Version 18 is available now. Get the newest features, including:

Better user experience for both Salesforce Classic and Lightning views

• Greater status visibility
• Improved admin experience with advanced Lightning components
• New tools for advanced signing workflows

ACTION REQUIRED

Upgrade to the latest version of our integration with Salesforce. Customers using unsupported versions will be required to upgrade to a current version to continue to receive technical support.

API & Web App: Password Complexity rules will change in 2017

Adobe Sign is changing the password complexity rules to increase security. Beginning in March 2017, customers using the web application will be prompted to update their password, and will have 90 days to comply. Customers that login or provision users through the existing REST or SOAP APIs will have until mid-2018 to update their applications to comply with the Adobe Sign password security requirements. Information on how to transition to the new rules will be available for both customers and partners using the API in early 2017.

New password criteria:

• A minimum of 8 characters, maximum of 100 characters
• At least one uppercase character
• At least one lowercase character
• At least one digit
• At least one special character (punctuation), except whitespace
• Cannot contain case insensitive username, first name or last name
• The new password will be rejected if it matches previously used passwords

ACTION REQUIRED

Beginning in March 2017, web application users should update passwords when requested. Customers that provision users through the API will have until July 2018 to update their applications to use REST API to comply with the new password criteria. 

Security: End-of-support for TLS 1.0 and 1.1

In order to meet industry best practices for SSL/TLS security, and for compliance with PCI standards, we will be removing support for TLS 1.0 and 1.1 protocols in 2017 (date to be announced). When TLS 1.0 and 1.1 support is dropped, customers who have not yet upgraded to TLS 1.2 or higher will be unable to access the Adobe Sign service.

ACTION REQUIRED

Follow the recommended system configuration for Adobe Sign for both your browser and desktop operating system so that TLS v1.2 is supported.

Reminders

Security: Support for RC4 cipher has ended

Use of the RC4 transport layer cipher will be discontinued the week of January 16, 2017.

Update the security settings on your Single Sign On (SSO) server

Apple has announced the enforcement of App Transport Security (ATS) for all mobile applications submitted to the App Store by the end of 2016. If you have configured your Adobe Sign account to use SSO login, and are using the Adobe Sign iOS mobile app, please ensure that your SSO server supports Apple’s App Transport Security (ATS) security requirements.

ACTION REQUIRED

Update your servers to support Apple’s ATS requirements before December 1, 2016 in order to continue your SSO access to the Adobe Sign iOS application.

Support to end for older Text Tag syntax

The previously communicated date of October 3, 2016 for the end-of-support for older text tag syntax has been postponed to give customers more time to transition to version 2.0 text tag syntax. The new end-of-support date has not been set; however, please be sure that all forms and agreements use the current syntax.

ACTION REQUIRED

Ensure your users are using 2.0 text tag syntax when creating new document templates. Review your library of existing templates that may contain older text tags and update them with the newer 2.0 text tag syntax. If you have an application that uses the old syntax, revise the tags in order to insure your application continues to work once the end of support is in effect. Refer to Creating Forms with Text Tags Reference Guide for details.

End-of-life for the Adobe Sign integration with Microsoft Dynamics v4

Adobe Sign for Microsoft Dynamics v4 and earlier (on premise and online versions) will be discontinued on June 30, 2017. These versions will no longer be available after June. The new version (v5) includes improvements such as using Microsoft Turbo Forms and wider browser support. Microsoft Dynamics v5 is available now.

ACTION REQUIRED

For both Microsoft Dynamics on-premise and online, upgrade to Adobe Sign for Dynamics v5 before July 2017. You will be able to migrate all data from v4 and earlier to the latest version. Version 5 supports Dynamics on-premise 2013, 2015, 2016 and Dynamics online.

For help upgrading to the latest version, contact your Customer Success Manager.

Support for the Adobe Sign integration with Salesforce v14 is ending

Product updates, security updates and technical support for Adobe Sign for Salesforce v14 will end on December 15, 2016.

ACTION REQUIRED

Upgrade to the latest version of our integration with Salesforce. Customers using unsupported versions will be required to upgrade to a current version to continue to receive technical support.

End-of-support for TLS 1.0 and 1.1

In order to meet industry best practices for SSL/TLS security, and for compliance with PCI standards, we will be removing support for TLS 1.0 and 1.1 protocols in 2017 (date to be announced). When TLS 1.0 and 1.1 support is dropped, customers who have not yet upgraded to TLS 1.2 or higher will be unable to access the Adobe Sign service.

ACTION REQUIRED

Upgrade to TLS version 1.2 or higher

Update the security settings on your Single Sign On (SSO) server

Apple has announced the enforcement of App Transport Security (ATS) for all mobile applications submitted to the App Store by the end of 2016. If you have configured your Adobe Sign account to use SSO login, and are using the Adobe Sign iOS mobile app, please ensure that your SSO server supports Apple’s App Transport Security (ATS) security requirements.

ACTION REQUIRED

Update your servers to support Apple’s ATS requirements before December 1, 2016 in order to continue your SSO access to the Adobe Sign iOS application.

Support to end for older Text Tag syntax

The previously communicated date of October 3, 2016 for the end-of-support for older text tag syntax has been postponed to give customers more time to transition to version 2.0 text tag syntax. The new end-of-support date has not been set; however, please be sure that all forms and agreements use the current syntax.

ACTION REQUIRED

Ensure your users are using 2.0 text tag syntax when creating new document templates. Review your library of existing templates that may contain older text tags and update them with the newer 2.0 text tag syntax. If you have an application that uses the old syntax, revise the tags in order to insure your application continues to work once the end of support is in effect. Refer to Creating Forms with Text Tags Reference Guide for details.

Support for the Adobe Sign integration with Microsoft Dynamics v4 and earlier ending in June 2017

Adobe Sign For Microsoft Dynamics v4 and earlier (on premise and online versions) will be discontinued on June 30, 2017. These versions will no longer be available after June. The new version (v5) includes improvements such as using Microsoft Turbo Forms and wider browser support. It is available today.

ACTION REQUIRED

For both Microsoft Dynamics on-premise and online, upgrade to Adobe Sign for Dynamics v5 before July 2017. You will be able to migrate all data from v4 and earlier to the latest version. Version 5 supports Dynamics on-premise 2013, 2015, 2016 and Dynamics online.

For information about upgrading to the latest version, contact your Client Success Manager. 

Support for the Adobe Sign integration with Salesforce v14 is ending

Product updates, security updates and technical support for Adobe Sign for Salesforce v14 will end on December 15, 2016.

ACTION REQUIRED

Upgrade to the latest version of our integration with Salesforce. Customers using unsupported versions will be required to upgrade to a current version to continue to receive technical support.

End-of-support for TLS 1.0 and 1.1

In order to meet industry best practices for SSL/TLS security, and for compliance with PCI standards, we will be removing support for TLS 1.0 and 1.1 protocols in 2017 (date to be announced). When TLS 1.0 and 1.1 support is dropped, customers who have not yet upgraded to TLS 1.2 or higher will be unable to access the Adobe Sign service.

ACTION REQUIRED

Upgrade to TLS version 1.2 or higher

Reminders

Adobe Sign database updated to support 4-Byte Unicode characters

In mid-September, support was added for extended multi-byte character sets as part of the Adobe Sign global expansion and enhanced language support. With this update, the database now supports 4-byte extended Unicode characters.

ACTION REQUIRED

Ensure applications and data storage using Adobe Sign API calls can handle 4-byte characters.
 

Support for RC4 cipher has ended

As of August 20, 2016, Adobe has discontinued support for RC4 cipher encryption. Adobe will continue to monitor RC4 usage and support the transition to other, more secure, ciphers.

There is consensus across the industry that RC4 is no longer cryptographically secure. This announcement aligns with announcements from Oracle, Salesforce, Microsoft, Google and Mozilla, which ended support for RC4 in commercial applications last year.

ACTION REQUIRED

Upgrade hardware or software that rely on RC4 for to communicate with the Adobe Sign service to support an updated cipher suite.
 

Additional IP address ranges for Adobe Sign.

If your existing network or firewall configuration explicitly whitelists the IP addresses for Adobe Sign, update the network configuration settings to include the new IP addresses to ensure continued access to the service. The existing IP addresses will continue to be in service and must not be deleted or removed from your network configuration.

Existing IP Addresses

North America:

166.78.79.112/28
207.97.227.112/28
52.71.63.224/27 (added February 2016)
52.35.253.64/27 (added February 2016)

Europe

52.48.127.160/27 (added February 2016)
52.58.63.192/27 (added February 2016)

Additional IP Addresses
Japan

52.196.191.224/27 (added July 2016)

Australia

52.65.255.192/27 (added July 2016)

Support to end for older Text Tag syntax

The previously communicated date of October 3, 2016 for the end-of-support for older text tag syntax has been postponed to give customers more time to transition to version 2.0 text tag syntax. The new end-of-support date has not been set; however, please be sure that all forms and agreements are using the current syntax.

ACTION REQUIRED

Ensure your users are using 2.0 text tag syntax when creating new document templates. Review your library of existing templates that may contain older text tags and update them with the newer 2.0 text tag syntax. If you have an application that uses the old syntax, revise the tags in order to insure your application continues to work once the end of support is in effect. Refer to Creating Forms with Text Tags Reference Guide for details.

Adobe Sign will be updating its core database to support 4-Byte Unicode characters

In September, support will be added for extended multi-byte character sets as part of the Adobe Sign global expansion and enhanced language support. Currently, Adobe Sign does not send 4-byte characters to your client applications via the API. With this update, the database will be able to support 4-byte extended Unicode characters.

ACTION REQUIRED

Ensure applications and data storage using Adobe Sign API calls will be able to handle 4-byte characters. 

Date change: Support for the Adobe Sign integration for Microsoft Dynamics CRM 2011 (on-premise version) has been changed from September 2016 to June 2017

Microsoft ended mainstream support for Dynamics CRM 2011 on July 12, 2016. Adobe will end support for the Adobe Sign integration with Dynamics CRM 2011 in June 2017.

ACTION REQUIRED

Upgrade to MS Dynamics CRM 2013 or later (on-premise version) or MS Dynamics 365 before June 2017. 

Support for the Adobe Sign integration for Salesforce version 14 is ending

Product updates, security updates and technical support for Adobe Sign services for Salesforce version 14 will end on December 15, 2016.

ACTION REQUIRED

Upgrade to the latest version of our integration with Salesforce. Customers using unsupported versions will be required to upgrade to a current version to continue to receive technical support.

End-of-support for TLS 1.0

In order to meet industry best practices for SSL/TLS security, and for compliance with PCI standards, we will be removing support for the TLS 1.0 protocol in 2017 (date to be announced). When TLS 1.0 support is dropped, customers who have not yet upgraded to at least TLS 1.1 will be unable to access the Adobe Sign service.

ACTION REQUIRED

Upgrade to TLS version 1.1 or higher. Version 1.2 is strongly recommended. We currently support TLS versions 1.1 and 1.2, so customers on 1.0 can upgrade immediately. 

Reminder

As of August 20, 2016, Adobe has ended support for RC4 cipher encryption. While RC4 will continue to be available during TLS fallback negotiations to prevent service interruptions, customers are urged to discontinue its uses as soon as possible. Adobe will continue to monitor RC4 usage and support the transition to other, more secure, cyphers. 

There is consensus across the industry that RC4 is no longer cryptographically secure. This announcement aligns with announcements from Oracle, Salesforce, Microsoft, Google and Mozilla, who ended support for RC4 in commercial applications last year.

ACTION REQUIRED

Upgrade hardware or software that rely on RC4 for communication with the Adobe Sign service to support an updated cipher suite.

Support for RC4 cipher has ended

Additional IP address ranges for Adobe Sign

Adobe Sign services has expanded the service to operate from a new set of IP addresses, in addition to those currently in use.

ACTION REQUIRED

If your existing network or firewall configuration explicitly whitelists the IP addresses for Adobe Sign, in preparation for the additional locations you need to update the network configuration settings to include the new IP addresses to ensure continued access to the service. The existing IP addresses will continue to be in service and must not be deleted or removed from your network configuration.

Existing IP Addresses

North America:

166.78.79.112/28
207.97.227.112/28
52.71.63.224/27 (added February 2016)
52.35.253.64/27 (added February 2016)

Europe

52.48.127.160/27 (added February 2016)
52.58.63.192/27 (added February 2016)

Additional IP Addresses
Japan

52.196.191.224/27 (added July 2016)

Australia

52.65.255.192/27 (added July 2016)

Support for older Text Tag syntax ending

As of October 3, 2016, support will be discontinued for documents created using the older version of the text tag syntax using underscores. The current version, 2.0, text tag syntax has been in use for several years. It enables the creation of form fields supported through the web UI, including creation of conditional form fields, calculated form fields and advanced field validation. Version 2.0 also uses underscores on either side of the ‘es’ identifier. However, other parts of the tag are separated by colons.

Example of older version of text tag syntax:

_es_signer_signature
A signature field assigned to the signer.

address_es_signer
An optional field named ‘address’ assigned to the signer.

Example of version 2.0 of text tag syntax:

Sig_es_:signer:signature
A signature field assigned to the signer.

address_es_:signer
An optional field named ‘address’ assigned to the signer.
 

Existing document templates using the older version of the text tags should be updated to use version 2.0 text tag syntax before October 3, 2016. Refer to Creating Forms with Text Tags Reference Guide for details about the new syntax.

ACTION REQUIRED

Adobe Sign will be updating its core database to support 4-Byte Unicode characters

In August, as part of the Adobe Sign global expansion and language support, the core database will be updated to better support multi-byte character sets. Currently, Adobe Sign does not send 4-byte characters to your client applications via the API. With this update, the database will be able to support 4-byte extended Unicode characters.

ACTION REQUIRED

Ensure applications and data storage using Adobe Sign API calls will be able to handle 4-byte characters. 

Additional IP address ranges for Adobe Sign

Adobe Sign services continues to expand the footprint of the service. The expanded services will operate from a new set of IP addresses beyond those currently in use.

ACTION REQUIRED

If your existing network or firewall configuration explicitly whitelists the IP addresses for Adobe Sign, you need to update your network configuration settings to include the new IP addresses to ensure continued access to the service. The existing IP addresses will continue to be in service and must not be deleted or removed from your network configuration. 

Existing IP Addresses

North America:

166.78.79.112/28
207.97.227.112/28
52.71.63.224/27 (added February 2016)
52.35.253.64/27 (added February 2016)

Europe

52.48.127.160/27 (added February 2016)
52.58.63.192/27 (added February 2016)

Additional IP Addresses
Japan

52.196.191.224/27 (added July 2016)

Australia

52.65.255.192/27 (added July 2016)

Support for RC4 cipher is ending

Support will end for RC4 cipher on all Adobe Sign domains, including *.echosign.com and documents.adobe.com, on August 20, 2016. Customers that use RC4 symmetric encryption for SSL/TLS communication will not be able to connect to any Adobe Sign domain.

ACTION REQUIRED

Applications running on older versions of Java (version 1.6 or lower) that communicate with the Adobe Sign service will encounter SSL/TLS handshake failures. Upgrade to a newer version of Java (version 8 or later) to ensure uninterrupted operations. Provide this information to your IT operations team to confirm whether your organization has other servers or services that rely on RC4 for communication with the Adobe Sign service. If so, upgrade those servers or services to support an updated cipher suite.

Why RC4 is being disabled: The RC4 stream cipher is known to have major vulnerabilities, and most ISVs have started phasing out support for it. For more information, visit these sites:

https://threatpost.com/google-mozilla-microsoft-to-sever-rc4-support-in-early-2016/114498/

http://arstechnica.com/security/2015/03/noose-around-internets-tls-system-tightens-with-2-new-decryption-attacks/

Support for the product integration with Microsoft Dynamics CRM 2011 (on-premise version) will end in September 2016

Microsoft is ending mainstream support for Dynamics CRM 2011 on July 12, 2016. We will end support in September 2016.

ACTION REQUIRED

Upgrade to an Adobe supported on-premise version of Dynamics CRM 2013 or later by October 3, 2016. Customers using unsupported versions will need to upgrade to the latest version in order to avoid disruption in service.

For information about upgrading to the latest version, contact your Client Success Manager

Reminder

Support for the product integration with Microsoft Dynamics CRM 2011 (on-premise version) will end in September 2016

Product updates, security updates and technical support for Adobe Sign services for Salesforce versions 12 and 13 ended on April 30th, 2016.

ACTION REQUIRED

Customers using unsupported versions will need to upgrade to the latest version if they require technical support.

Additional IP address ranges for Adobe Sign

Adobe Sign services continues to expand the footprint of the service. The expanded services will operate from a new set of IP addresses beyond those currently in use.

ACTION REQUIRED

If your existing network or firewall configuration explicitly whitelists the IP addresses for Adobe Sign, in preparation for the additional locations you need to update the network configuration settings to include the new IP addresses to ensure continued access to the service. The existing IP addresses will continue to be in service and must not be deleted or removed from your network configuration.

Existing IP Addresses

North America:

166.78.79.112/28
207.97.227.112/28
52.71.63.224/27 (added February 2016)
52.35.253.64/27 (added February 2016)

Europe

52.48.127.160/27 (added February 2016)
52.58.63.192/27 (added February 2016)

Additional IP Addresses
Japan

52.196.191.224/27 

Australia

52.65.255.192/27

Support for older Text Tag syntax ending

As of October 3, 2016, support will be discontinued for documents created using the older version of the text tag syntax using underscores. The new text tag syntax enables creation of form fields supported through the web UI, including creation of conditional form fields, calculated form fields and advanced field validation.

Example of older version of text tag syntax:

_es_signer_signature
A signature field assigned to the signer.

address_es_signer
An optional field named ‘address’ assigned to the signer.

Example of version 2.0 of text tag syntax:

Sig_es_:signer:signature
A signature field assigned to the signer.

address_es_:signer
An optional field named ‘address’ assigned to the signer.

ACTION REQUIRED

If you have existing document templates with the older version of the Text Tags, please update your document templates to use the new version 2.0 Text Tag syntax before October 3, 2016. Refer to Creating Forms with Text Tags Reference Guide for details about the new syntax.

Adobe Sign will be updating its core database to support 4-Byte Unicode characters

In August, as part of the Adobe Sign global expansion and language support, the core database will be updated to better support multi-byte character sets. Currently, Adobe Sign does not send 4-byte characters to your client applications via the API. With this update, the database will be able to support 4-byte extended Unicode characters.

ACTION REQUIRED

Please review applications and data storage utilizing Adobe Sign API calls to ensure they will be able to handle 4-byte characters

Support for RC4 cipher is ending

Support will end for the RC4 cipher on August 20, 2016. Support will be disabled for the RC4 cipher on all Adobe Sign domains, including *.echosign.com and documents.adobe.com. Customers that use RC4 symmetric encryption for SSL/TLS communication will not be able to connect to all Adobe Sign domains, as the SSL/TLS handshake will fail.

ACTION REQUIRED

Applications running on older versions of Java (version 1.6 or lower) that communicate with the Adobe Sign service will encounter SSL/TLS handshake failures. Upgrade to a newer version of Java (version 8 or later) to ensure uninterrupted operations.

Provide this information to your IT operations team to confirm whether your organization has other servers or services that rely on RC4 for communication with the Adobe Sign service. If so, upgrade those servers or services to support an updated cipher suite.

Why RC4 is being disabled: The RC4 stream cipher is known to have major vulnerabilities, and most ISVs have started phasing out support for it. For more information, visit these sites:

https://threatpost.com/google-mozilla-microsoft-to-sever-rc4-support-in-early-2016/114498/

http://arstechnica.com/security/2015/03/noose-around-internets-tls-system-tightens-with-2-new-decryption-attacks/

Support for the product integration with Microsoft Dynamics CRM 2011 (on-premise version) will end in September 2016

Microsoft is ending mainstream support for Dynamics CRM 2011 on July 12, 2016. We will end support in September 2016.

ACTION REQUIRED

Upgrade your on-premise version to an Adobe-supported version of Dynamics CRM 2013 or later (on-premise) by October 3, 2016. Customers using unsupported versions will need to upgrade to the latest version in order to avoid disruption in service.

For information about upgrading to the latest version, contact your Client Success Manager. 

Reminders

Support for the product integration with Salesforce versions 12 and 13 has now ended

Product updates, security updates and technical support for Adobe Sign services for Salesforce versions 12 and 13 will ended on April 30th, 2016.

ACTION REQUIRED

Customers using unsupported versions will need to upgrade to the latest version if they require technical support.

NetSuite integration release

Adobe has released its latest version of the Adobe Sign integration with NetSuite (v4.0). This version achieved the “Built for Netsuite” certification and meets all the latest NetSuite design best practices.

New features include:

• Auto-provisioning. A new custom preference that allows users who send agreements in NetSuite to be automatically auto-provisioned with an Adobe Sign services user account.
• OAuth 2.0. To improve data security, Adobe Sign now uses OAuth 2.0 to authenticate your account in NetSuite. This improvement will not impact your implementation, but you will need to do a one-time setup to authorize your NetSuite package to communicate with Adobe Sign. 

Support for RC4 cipher is ending

The date support will end for the RC4 cipher has been changed to August 20, 2016.

Support will be disabled for the RC4 cipher on all eSign domains, including *.echosign.com and documents.adobe.com on August 20, 2016. Customers that use RC4 symmetric encryption for SSL/TLS communication will not be able to connect to all eSign domains, as the SSL/TLS handshake will fail.

ACTION REQUIRED

Applications running on older versions of Java (version 1.6 or lower) that communicate with the eSign service will encounter SSL/TLS handshake failures. Upgrade to a newer version of Java (version 8 or later) to ensure uninterrupted operations.

Provide this information to your IT operations team to confirm whether your organization has other servers or services that rely on RC4 for communication with eSign services. If so, upgrade those servers or services to support an updated cipher suite.

Why RC4 is being disabled: The RC4 stream cipher is known to have major vulnerabilities, and most ISVs have started phasing out support for it. For more information, visit these sites:

https://threatpost.com/google-mozilla-microsoft-to-sever-rc4-support-in-early-2016/114498/

http://arstechnica.com/security/2015/03/noose-around-internets-tls-system-tightens-with-2-new-decryption-attacks/

Support for the product integration with Salesforce versions 12 and 13 is ending

Product updates, security updates and technical support for eSign services from Adobe for Salesforce versions 12 and 13 will end on April 30th, 2016. Please upgrade to the latest version in advance to continue to receive support.

ACTION REQUIRED

Customers using unsupported versions will need to upgrade to the latest version if they require technical support.

For information about upgrading to the latest version, contact your Client Success Manager.

Support for the product integration with Microsoft Dynamics CRM 2011 (on-premise version) will end in September 2016

Microsoft is ending mainstream support for Dynamics CRM 2011 on July 12, 2016. We will end support in September 2016.

ACTION REQUIRED

Upgrade your on-premise version to an Adobe-supported version of Dynamics CRM 2013 or later (on-premise) by October 3, 2016. Customers using unsupported versions will need to upgrade to the latest version in order to avoid disruption in service.

For information about upgrading to the latest version, contact your Client Success Manager. 

Reminder

NetSuite integration release

Adobe has released its latest version of the Adobe Document Cloud eSign services integration with NetSuite (v4.0). This version achieved the “Built for Netsuite” certification and meets all the latest NetSuite design best practices.

New features include:

• Auto-provisioning. A new custom preference that allows users who send agreements in NetSuite to be automatically auto-provisioned with an Adobe Document Cloud eSign services user account.
• OAuth 2.0. To improve data security, Adobe Document Cloud eSign services now uses OAuth 2.0 to authenticate your Adobe Document Cloud eSign services account in NetSuite. This improvement will not impact your implementation, but you will need to do a one-time setup to authorize your NetSuite package to communicate with Adobe Document Cloud.

Additional IP address ranges for Adobe Document Cloud eSign services

Adobe Document Cloud eSign services has expanded the footprint of the services with the February Maintenance release. The expanded services will operate from a new set of IP addresses beyond those currently in use.

ACTION REQUIRED

If your existing network or firewall configuration explicitly whitelists the IP addresses for Adobe Document Cloud eSign services, you need to update the network configuration settings to include the new IP addresses to ensure continued access to the services. The existing IP addresses will continue to be in service and must not be deleted or removed from your network configuration.

Existing IP Addresses

North America:

166.78.79.112/28
207.97.227.112/28

Additional IP Addresses

North America:

52.71.63.224/27
52.35.253.64/27

Europe:

52.48.127.160/27
52.58.63.192/27

NetSuite integration release

NetSuite integration release.

Adobe has released its latest version of the Adobe Document Cloud eSign services integration with NetSuite (v4.0). This version achieved the “Built for Netsuite” certification and meets all the latest NetSuite design best practices.

New features include:

• Auto-provisioning. A new custom preference that allows users who send agreements in NetSuite to be automatically auto-provisioned with an Adobe Document Cloud eSign services user account.
• OAuth 2.0. To improve data security, Adobe Document Cloud eSign services now uses OAuth 2.0 to authenticate your Adobe Document Cloud eSign services account in NetSuite. This improvement will not impact your implementation, but you will need to do a one-time setup to authorize your NetSuite package to communicate with Adobe Document Cloud.

Upgrade today to take advantage of all these enhancements. 

RC4 cipher end-of-life

Adobe Document Cloud eSign services is aligning with major software vendors to end support for the RC4 cipher.

Adobe will disable support for the RC4 cipher on the secure.echosign.com server in early 2016. Customers that use RC4 symmetric encryption for SSL/TLS communication will not be able to connect to the secure.echosign.com server, as the SSL/TLS handshake will fail.

ACTION REQUIRED

Enterprise customers are highly encouraged to test custom applications and integrations to ensure they will continue to work seamlessly after this change. Contact your CSM for the test setup.

Known issue: Customers running older versions of Java (version 1.6 or lower) may encounter SSL/TLS handshake failures.

Solution: Upgrade to a newer version of Java (version 8).

Why RC4 is being disabled: The RC4 stream cipher is known to have major vulnerabilities, and most ISVs have started phasing out support for it. For more information, visit these sites:

https://threatpost.com/google-mozilla-microsoft-to-sever-rc4-support-in-early-2016/114498/

http://arstechnica.com/security/2015/03/noose-around-internets-tls-system-tightens-with-2-new-decryption-attacks/

Reminder

Additional IP address ranges for Adobe Document Cloud eSign services

Adobe Document Cloud eSign services has expanded the footprint of the services with the February Maintenance release. The expanded services will operate from a new set of IP addresses beyond those currently in use.

ACTION REQUIRED

If your existing network or firewall configuration explicitly whitelists the IP addresses for Adobe Document Cloud eSign services, you need to update the network configuration settings to include the new IP addresses to ensure continued access to the services. The existing IP addresses will continue to be in service and must not be deleted or removed from your network configuration.

Existing IP Addresses

North America:

166.78.79.112/28
207.97.227.112/28

Additional IP Addresses

North America:

52.71.63.224/27
52.35.253.64/27

Europe:

52.48.127.160/27
52.58.63.192/27

End of life of One Click signing

Notice to customers using One Click as their signature preference: Adobe Document Cloud eSign services stopped supporting One Click signing and upgraded customers to the Standard method of signing on January 15, 2016.

The Standard method of signing provides a simple and streamlined signing experience that has been optimized to work across all devices, including desktops, tablets and smartphones. The signing experience guides the signer through the required fields. The Standard signing method provides a far richer experience for signers than is afforded by One Click signing, including autosaving data entered into the agreement, conditional form fields and field validation.

ACTION REQUIRED

If you have not already switched to the Standard method of signing, choose Account > Account Settings > Signature Preferences and select Standard as the preferred method of signing documents.
 

Placing an electronic transaction ID signature stamp on your documents

Adobe Document Cloud eSign services disabled the “blue border” transaction ID on January 15, 2016. We made this change to provide customers with:

• Larger view of documents
• Flexibility to choose where to place the electronic signature stamp on the document
• Ability to select which documents require the transaction ID

ACTION REQUIRED

To automatically generate a transaction and signature stamp for signed documents, customers using the “blue border” to annotate documents with transaction IDs and participant signature stamps should have updated their documents using text tags or form fields. For more information, see the Text Tag User Guide.

Additional IP Address Ranges for eSign services from Adobe

Adobe Document Cloud eSign services is expanding the footprint of the service effective immediately. The expanded service will operate from a new set of IP Addresses beyond those currently in use by the service. If your existing network or firewall configuration explicitly whitelists the IP Addresses for eSign services, you will need to update the network configuration settings to include these new IP Addresses to ensure continued access to the service.

Existing IP Adresses

North America:

166.78.79.112/28
207.97.227.112/28

Additional IP Addresses

North America:

52.71.63.224/27
52.35.253.64/27

Europe: 

52.48.127.160/27
52.58.63.192/27

Please note: The existing IP addresses will continue to be in service and must not be deleted or removed from your network configuration.
 

End of life of “One Click” signing

Notice to customers using One Click as their signature preference. On January 15, 2016 eSign services will stop supporting One Click Signing and will upgrade everyone to the Standard method of signing.

The Standard method of signing provides a simple and streamlined signing experience that has been optimized to work across all devices, including desktop, tablets and smart phones. The signing experience guides the signer through the required fields. The Standard signing method provides a far richer experience for signers than afforded by One Click Signing, including auto saving data entered into the agreement, conditional form fields, and field validation.

Administrators can switch to the Standard method of signing prior to January 15, 2016 and are strongly encouraged to do so. To switch to using the Standard signing method, go to the Account tab, select “Account Settings”, then to “Signature Preferences” and select “Standard” as the preferred method of signing documents.

Please see the article below if you are currently using the “blue border” to annotate documents with transaction IDs and signature stamps. 

Placing an electronic transaction ID signature stamp on your documents

Notice to customers using an automatically generated transaction and signature stamp for signed documents, which manifests as a blue border around signed documents.

On January 15, 2016, eSign services will disable the “blue border” transaction ID. We are making this change to provide customers with:

• Larger view of documents
• Flexibility to choose where to place the electronic signature stamp on the document
• Ability to select which documents require the transaction ID

Customers currently using the “blue border” to annotate documents with transaction IDs and participant signature stamps have the ability to update their documents using Text Tags or form fields. For more information, see the Text Tag User Guide. 

Date change for RC4 cipher end of life

Adobe Document Cloud eSign services is aligning with major software vendors to end support for RC4 cipher in Q2 2016. We will communicate the specific date in subsequent updates.

Adobe will disable support for RC4 cipher on the secure.echosign.com server in early 2016. Customers that use RC4 symmetric encryption for SSL/TLS communication will not be able to connect to secure.echosign.com server as the SSL/TLS handshake will fail.

Why RC4 is being disabled:

RC4 stream cipher is known to have major vulnerabilities and most ISVs have started phasing out support for it. For more information:

https://threatpost.com/google-mozilla-microsoft-to-sever-rc4-support-in-early-2016/114498/

http://arstechnica.com/security/2015/03/noose-around-internets-tls-system-tightens-with-2-new-decryption-attacks/

Known issue: Customers running older versions of Java 1.6 or lower may encounter SSL/TLS handshake failures. Solution: Upgrade to a newer version of Java 8.

Please note: Enterprise customers are highly encouraged to test custom applications and integrations to ensure they will continue to work seamlessly after this change. Please contact your CSM for the test set‑up. 

Recent updates

Support for IE7 and IE8 ends January 12, 2016

eSign services is aligning with Microsoft's policy on end-of-life for older versions of Internet Explorer. For details, see the Microsoft Lifecycle Support policy for Internet Explorer. Accordingly, as of January 12, 2016 we will no longer support IE7 and IE8. If you are using IE7 or IE8, please update to a current browser as soon as possible. See the list of Adobe supported browsers.

End of life of “One Click” signing

Notice to customers using One Click as their signature preference. On January 15, 2016 Adobe eSign services will stop supporting One Click Signing and will upgrade all customers to the Standard method of signing.

The Standard method of signing provides a simple and streamlined signing experience that has been optimized to work across all devices, including desktop, tablets and smart phones. The signing experience guides the signer through the required fields. The Standard method provides a far richer experience for signers than afforded by One Click Signing, including auto saving data entered into the agreement, conditional form fields, and field validation.

Administrators are encouraged to move to the Standard method of signing prior to January 15. To switch to using the Standard signing method, go to the Account tab, select “Account Settings”, then to “Signature Preferences” and select “Standard” as the preferred method of signing documents.

Please see the article below if you are currently using the “blue border” to annotate documents with transaction IDs and signature stamps. 

Placing an electronic transaction ID signature stamp on your documents.
Date Changed from December 1, 2015 to January 15, 2016

Notice to customers using an automatically generated transaction and signature stamp for signed documents, which manifests as a blue border around signed documents.

On January 15, 2015, Adobe eSign services will disable the “blue border” transaction ID. We are making this change to provide customers with:

• Larger view of documents
• Flexibility to choose where to place the electronic signature stamp on the document
• Ability to select which documents require the transaction ID

Customers currently using the “blue border” to annotate documents with transaction IDs and participant signature stamps have the ability to update their documents using Text Tags or form fields. For more information, see the Text Tag User Guide. 

Support for IE7 and IE8 is ending January 12, 2016

The eSign service is aligning with Microsoft's policy on end-of-life for older versions of Internet Explorer. For details, see the Microsoft Lifecycle Support policy for Internet Explorer. Accordingly, as of January 12, 2016 we will no longer support IE7 and IE8. If you are using IE7 or IE8, please update to a current browser as soon as possible. See the list of Adobe supported browsers. 

Recent updates

Date change for RC4 cipher end of life

Adobe Document Cloud eSign services is aligning with major software vendors to end support for RC4 cipher in early 2016. This is an update to the previously communicated date of November 5.

Adobe will disable support for RC4 cipher on the secure.echosign.com server in early 2016. Customers that use RC4 symmetric encryption for SSL/TLS communication will not be able to connect to secure.echosign.com server as the SSL/TLS handshake will fail.

Why RC4 is being disabled:

RC4 stream cipher is known to have major vulnerabilities and most ISVs have started phasing out support for it. For more information:

https://threatpost.com/google-mozilla-microsoft-to-sever-rc4-support-in-early-2016/114498/

http://arstechnica.com/security/2015/03/noose-around-internets-tls-system-tightens-with-2-new-decryption-attacks/

Known issue: Customers running older versions of Java 1.6 or lower may encounter SSL/TLS handshake failures. Solution: upgrade to a newer version of Java 8.

For API testing, please contact your CSM.
 

Support for IE7 and IE8 is ending January 12, 2016

The eSign service is aligning with Microsoft's policy on end-of-life for older versions of Internet Explorer. For details, see the Microsoft Lifecycle Support policy for Internet Explorer. Accordingly, as of January 12, 2016 we will no longer support IE7 and IE8. If you are using IE7 or IE8, please update to a current browser as soon as possible. See the list of Adobe supported browsers. 

Recent updates

Placing an electronic transaction ID signature stamp on your documents

Notice to customers using an automatically generated transaction and signature stamp for signed documents, which manifests as a blue border around signed documents.

On December 1, 2015, Adobe eSign services will disable the “blue border” transaction ID. We are making this change to provide customers with:

• Larger view of documents
• Flexibility to choose where to place the electronic signature stamp on the document
• Ability to select which documents require the transaction ID

Customers currently using the “blue border” to annotate documents with transaction IDs and participant signature stamps already have the ability to update their documents using Text Tags or form fields. For more information, see the Text Tag User Guide.

New password requirements

We’re strengthening our password requirements. In the near future, you may be asked to update your password to meet the following criteria:

• Passwords must have at least 8 characters and can go up to 100 characters max.
• Password must meet these complexity rules.

1. At least 1 uppercase character

2. At least 1 lowercase character

3. At least 1 digit

4. At least 1 special character (punctuation) except whitespace

• Passwords cannot contain case insensitive username or first name or last name.
• Passwords should not match commonly used passwords such as Password1!

The new password will be rejected if it matches previously used passwords. The number of previous passwords considered now defaults to 10. If your account administrator has explicitly overridden the limit for your account, that will remain in effect.

Please watch for an in-product prompt to update your password when you login to access the service.
 

RC4 cipher end-of-life

Adobe Document Cloud eSign services is aligning with major software vendors to end support for RC4 cipher in early 2016.

Adobe will disable support for RC4 cipher on the secure.echosign.com server in early 2016. Customers that use RC4 symmetric encryption for SSL/TLS communication will not be able to connect to secure.echosign.com server as the SSL/TLS handshake will fail.

Why RC4 is being disabled:
RC4 stream cipher is known to have major vulnerabilities and most ISVs have started phasing out support for it. For more information:

https://threatpost.com/google-mozilla-microsoft-to-sever-rc4-support-in-early-2016/114498/

http://arstechnica.com/security/2015/03/noose-around-internets-tls-system-tightens-with-2-new-decryption-attacks/

Known issues:

Customers running older versions of Java 1.6 or lower may encounter SSL/TLS handshake failures. Solution: upgrade to a newer version of Java 8.

For API testing, please contact your CSM.
 

SSL certificate will be updated Sunday, October 18, 2015

Adobe Document Cloud eSign service is significantly expanding its operations with additional data centers to deliver a higher quality of service & performance for your e-signature transactions and offer a global service presence. To support this expansion, we will be adding more web domains to the existing domains already supported by Adobe eSign.

To support the additional domains, the SSL certificate used by the eSign service will be updated on Sunday, October 18, 2015. The change in the SSL certificate is only limited to public key — there is no change to the underlying cryptographic protocols or scheme or any change to the Root and Intermediate Certificates.

We do not anticipate that this change will impact the vast majority of the customers because web browsers and mobile applications (iOS or Android) will seamlessly validate the new certificates. However, if you have custom built integrations with the Adobe eSign service using either the SOAP or REST-based APIs and if any of these integrations has pinned the existing public key, the integration will need to be updated to include the new public key for server validation before Sunday, October 18, 2015. With a pinned certificate your integration application expects the Adobe eSign service to present a specific SSL certificate with the specific public key. Not updating the certificate will result in the integration being non-functional. Please refer to the end of this document for the public key of the new SSL certificate for the Adobe eSign service.

Public Key.

On Sunday, October 18, 2015, the Adobe eSign SSL certificate will have following public key:

-----BEGIN PUBLIC KEY-----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyX/qrvtOKHZNMn2KQPEY ay9rBLWdh21c6B0Fv0cIs89DKmlLxRQhuzralVTokMcaqNyJYm01MP1Jj7EySbtk mNjQmGWSFhbGgvPY5mToDNu14IfqaZ5khm2Nnp2IKh9zqt5ENZcBflPJ9oYToiLZ EXnaeQOW4pi+MgTwn0OHz2i+9O5CAa/xxgpxouQhZzkc7dECKZnzXqOcEOHVUs/8 lxYpDHogfQhSQHbZryp4KmrjSLcZeIV94VswOBG/rwbjlSj8bkoPkI3II4ZLW/GH MW390E/4BzuXuh0NO84yRyegfTn6O2mx05ZakzB93+wpRIDauh5Iuah6nXvJe9bn SQIDAQAB

-----END PUBLIC KEY-----

If you are pinning our public key in your integration, please replace the old certificate with this new public key no later than Sunday, October 18, 2015.

For questions please contact the Customer Support at support@echosign.com.

Support for IE7 and IE8 is ending January 12, 2016

The eSign service is aligning with Microsoft's policy on end-of-life for older versions of Internet Explorer. For details, see the Microsoft Lifecycle Support policy for Internet Explorer. Accordingly, as of January 12, 2016 we will no longer support IE7 and IE8. If you are using IE7 or IE8, please update to a current browser as soon as possible. See the list of Adobe supported browsers. 

Placing an electronic transaction ID signature stamp on your documents

Notice to customers using an automatically generated transaction and signature stamp for signed documents, which manifests as a “blue border” around signed documents.

On December 1, 2015, Adobe eSign services will disable the “blue border” transaction ID. We are making this change to provide customers with:

• Larger view of documents
• Flexibility to choose where to place the electronic signature stamp on the document
• Ability to select which documents require the transaction ID

Customers currently using the “blue border” to annotate documents with transaction IDs and signature stamps already have the ability to update your documents using Text Tags or form fields. For more information, see the Text Tag User Guide. 

New password requirements

We’re strengthening our password requirements. In the next few months, you will need to update your password so that it meets the following criteria:

• Passwords must have at least 8 characters and can go up to 100 characters max.
• Password must meet these complexity rules.

1. At least 1 uppercase character

2. At least 1 lowercase character

3. At least 1 digit

4. At least 1 special character (punctuation)

• Passwords cannot contain case insensitive username or first name or last name. Username is defined as the sub string before the @ part in an email address. For usability reasons, this rules applies only if the length of the string is greater than or equal to 3 characters.
• Passwords should not match commonly used passwords like Password1!
• Passwords should not match case sensitive characters in last used 10 passwords.

Please watch for an in-product prompt to update your password when you login to access the service. 

Date change for RC4 cipher end-of-life

Adobe Document Cloud eSign services is aligning with major software vendors to end support for RC4 cipher in early 2016. This is an update to the previously communicated date of November 5, 2015.

Adobe will disable support for RC4 cipher on the secure.echosign.com server in early 2016. Customers that use RC4 symmetric encryption for SSL/TLS communication will not be able to connect to secure.echosign.com server as the SSL/TLS handshake will fail.

Why RC4 is being disabled:

RC4 stream cipher is known to have major vulnerabilities and most ISVs have started phasing out support for it. For more information, see:

https://threatpost.com/google-mozilla-microsoft-to-sever-rc4-support-in-early-2016/114498/

http://arstechnica.com/security/2015/03/noose-around-internets-tls-system-tightens-with-2-new-decryption-attacks/

Known issues:

1. Customers running older versions of Java 1.6 or lower may encounter SSL/TLS handshake failures. Solution: upgrade to a newer version of Java 8.
2. Customer using IE6 on Windows XP will encounter SSL/TLS handshake failures. Solution: Upgrade OS and browser to the ones supported by Document Cloud eSign, IE9 and above, Chrome, Firefox, or Safari.

For API testing, please contact your CSM. 

Recent updates

Correct URL for users to login to the eSign service

Please ensure that you have notified your users with the correct login URL and updated all bookmarks. The login URL for eSign services is https://secure.echosign.com/public/login/