{"id":66771,"date":"2015-03-11T13:27:52","date_gmt":"2015-03-11T13:27:52","guid":{"rendered":"http:\/\/www.esri.com\/arcgis-blog\/products\/product\/uncategorized\/sharing-web-gis-services-always-enable-tls\/"},"modified":"2022-02-16T11:35:39","modified_gmt":"2022-02-16T19:35:39","slug":"sharing-web-gis-services-always-enable-tls","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls","title":{"rendered":"Sharing Web GIS Services? Always enable TLS"},"author":3911,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":""},"categories":[37501],"tags":[24081,24941,24071,24951,24961],"industry":[],"product":[36551,763582],"class_list":["post-66771","blog","type-blog","status-publish","format-standard","hentry","category-administration","tag-ssamymlgp","tag-https","tag-security","tag-ssl","tag-web-gis","product-arcgis-online","product-trust-arcgis"],"acf":{"short_description":"Thousands of public Web GIS services are worthless for enterprise consumption, but there is a simple cure. \u00a0These increasingly worthless...","flexible_content":[{"acf_fc_layout":"content","content":"<p>Thousands of public Web GIS services are worthless for enterprise consumption, but there is a simple cure. \u00a0These increasingly worthless sites are configured without TLS (HTTPS) support.\u00a0 Frequently, the operators of the sites are unaware that their lack of TLS support restricts the consumption of their services.<\/p>\n<p>The issue is that enterprise implementations of Portal for ArcGIS and\/or ArcGIS Online typically enforce requiring TLS for their own services to ensure their information is encrypted while in transport.\u00a0 If the geospatial enterprise wants to mash-up an external service, the external service also needs to utilize TLS, otherwise end users can receive <a href=\"http:\/\/ie.microsoft.com\/testdrive\/Browser\/MixedContent\/Default.html\">mixed content<\/a> messages and\/or failures to display information.<\/p>\n<p><strong>The Cure:<\/strong> If you have a GIS service that you want to share with other organizations (or the public) always ensure that you are at least providing TLS as an option.\u00a0 In other-words, your GIS services should be provided via HTTPS only, OR provide end-users the choice of HTTP\/HTTPS (Never HTTP only).<\/p>\n<p><strong>SSL \/ TLS:<\/strong> I\u2019m sure some people are scratching their heads about our discussion here of TLS (as opposed to SSL), and you will continue to see the terms used interchangeably in documentation and presentations; however to be clear SSL v3 was pronounced dead last year, with the announcement of the IT industry-wide <a href=\"http:\/\/blogs.esri.com\/esri\/arcgis\/2014\/10\/16\/avoid-ssl-poodle-bite\/\">POODLE SSL vulnerability<\/a>.\u00a0 Starting with the ArcGIS 10.3 release, Esri disabled SSL v3 for their web services and moved to utilizing only TLS to support the secure operations of our customers.<\/p>\n<p><strong>Check endpoints: <\/strong>We recommend checking your secure web endpoints for alignment with best practices (such as disabling SSL v3).\u00a0 An easy way to check a site exposed to the Internet is with the <a href=\"https:\/\/www.ssllabs.com\/ssltest\/\">Qualys SSL Labs Server Test<\/a> \u2013 just type in the domain name of interest.\u00a0 Another benefit of this tool is that you can quickly validate whether or not services you are utilizing are vulnerable to the latest SSL\/TLS issue in the media, such as <a href=\"https:\/\/freakattack.com\/\">FREAK <\/a>from just last week, a quick check of ArcGIS Online\u2019s domain of arcgis.com shows that the vulnerable RSA_Export cipher suites are NOT utilized, and therefore ArcGIS Online is NOT vulnerable.<\/p>\n<p><strong>Call to action<\/strong>: Please do your part to help by checking your services and spread the word \u2013 Ask operators of any HTTP only services to at least add HTTPS as an option.\u00a0 A summary of <a href=\"http:\/\/doc.arcgis.com\/en\/trust\/security\/arcgis-server-best-practices.htm\">ArcGIS for Server security best practices<\/a> is available on the Trust site along with references to <a href=\"http:\/\/server.arcgis.com\/en\/server\/latest\/administer\/windows\/best-practices-for-configuring-a-secure-environment.htm#ESRI_SECTION1_DA2DF0991BA5411F84F334A8F2E5E61C\">documentation for how to enable HTTPS<\/a>. <strong>\u00a0<\/strong><\/p>\n<p><strong>The days of providing an HTTP only GIS service ends today, doing this is a key enabler of the Web GIS vision!<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <em>The Security Standards &amp; Architecture Team<\/em><\/p>\n"}],"authors":[{"ID":3911,"user_firstname":"Michael","user_lastname":"Young","nickname":"Michael Young","user_nicename":"myoung1000","display_name":"Michael Young","user_email":"myoung@esri.com","user_url":"http:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:15:29","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"}],"related_articles":"","card_image":false,"wide_image":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Sharing Web GIS Services? Always enable TLS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sharing Web GIS Services? Always enable TLS\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls\" \/>\n<meta property=\"og:site_name\" content=\"ArcGIS Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-16T19:35:39+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@ESRI\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls\"},\"author\":{\"name\":\"Michael Young\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/b1e77881551053100a9cef9dba632678\"},\"headline\":\"Sharing Web GIS Services? Always enable TLS\",\"datePublished\":\"2015-03-11T13:27:52+00:00\",\"dateModified\":\"2022-02-16T19:35:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls\"},\"wordCount\":7,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"keywords\":[\"ArcGIS Trust Center\",\"HTTPS\",\"Security\",\"SSL\",\"web GIS\"],\"articleSection\":[\"Administration\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls\",\"name\":\"Sharing Web GIS Services? Always enable TLS\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\"},\"datePublished\":\"2015-03-11T13:27:52+00:00\",\"dateModified\":\"2022-02-16T19:35:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esri.com\/arcgis-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Sharing Web GIS Services? Always enable TLS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"name\":\"ArcGIS Blog\",\"description\":\"Get insider info from Esri product teams\",\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\",\"name\":\"Esri\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"width\":400,\"height\":400,\"caption\":\"Esri\"},\"image\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/esrigis\/\",\"https:\/\/x.com\/ESRI\",\"https:\/\/www.linkedin.com\/company\/5311\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/b1e77881551053100a9cef9dba632678\",\"name\":\"Michael Young\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg\",\"caption\":\"Michael Young\"},\"sameAs\":[\"http:\/\/trust.arcgis.com\"],\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/author\/myoung1000\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Sharing Web GIS Services? Always enable TLS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls","og_locale":"en_US","og_type":"article","og_title":"Sharing Web GIS Services? Always enable TLS","og_url":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls","og_site_name":"ArcGIS Blog","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","article_modified_time":"2022-02-16T19:35:39+00:00","twitter_card":"summary_large_image","twitter_site":"@ESRI","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls#article","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls"},"author":{"name":"Michael Young","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/b1e77881551053100a9cef9dba632678"},"headline":"Sharing Web GIS Services? Always enable TLS","datePublished":"2015-03-11T13:27:52+00:00","dateModified":"2022-02-16T19:35:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls"},"wordCount":7,"commentCount":0,"publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"keywords":["ArcGIS Trust Center","HTTPS","Security","SSL","web GIS"],"articleSection":["Administration"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls","url":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls","name":"Sharing Web GIS Services? Always enable TLS","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#website"},"datePublished":"2015-03-11T13:27:52+00:00","dateModified":"2022-02-16T19:35:39+00:00","breadcrumb":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-online\/administration\/sharing-web-gis-services-always-enable-tls#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/arcgis-blog\/"},{"@type":"ListItem","position":2,"name":"Sharing Web GIS Services? Always enable TLS"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/arcgis-blog\/#website","url":"https:\/\/www.esri.com\/arcgis-blog\/","name":"ArcGIS Blog","description":"Get insider info from Esri product teams","publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization","name":"Esri","url":"https:\/\/www.esri.com\/arcgis-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","width":400,"height":400,"caption":"Esri"},"image":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/esrigis\/","https:\/\/x.com\/ESRI","https:\/\/www.linkedin.com\/company\/5311\/"]},{"@type":"Person","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/b1e77881551053100a9cef9dba632678","name":"Michael Young","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg","caption":"Michael Young"},"sameAs":["http:\/\/trust.arcgis.com"],"url":"https:\/\/www.esri.com\/arcgis-blog\/author\/myoung1000"}]}},"text_date":"March 11, 2015","author_name":"Michael Young","author_page":"https:\/\/www.esri.com\/arcgis-blog\/author\/myoung1000","custom_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2025\/08\/Newsroom-Keyart-Wide-1920-x-1080.jpg","primary_product":"ArcGIS Online","tag_data":[{"term_id":24081,"name":"ArcGIS Trust Center","slug":"ssamymlgp","term_group":0,"term_taxonomy_id":24081,"taxonomy":"post_tag","description":"","parent":0,"count":96,"filter":"raw"},{"term_id":24941,"name":"HTTPS","slug":"https","term_group":0,"term_taxonomy_id":24941,"taxonomy":"post_tag","description":"","parent":0,"count":6,"filter":"raw"},{"term_id":24071,"name":"Security","slug":"security","term_group":0,"term_taxonomy_id":24071,"taxonomy":"post_tag","description":"","parent":0,"count":124,"filter":"raw"},{"term_id":24951,"name":"SSL","slug":"ssl","term_group":0,"term_taxonomy_id":24951,"taxonomy":"post_tag","description":"","parent":0,"count":3,"filter":"raw"},{"term_id":24961,"name":"web GIS","slug":"web-gis","term_group":0,"term_taxonomy_id":24961,"taxonomy":"post_tag","description":"","parent":0,"count":19,"filter":"raw"}],"category_data":[{"term_id":37501,"name":"Administration","slug":"administration","term_group":0,"term_taxonomy_id":37501,"taxonomy":"category","description":"","parent":0,"count":422,"filter":"raw"}],"product_data":[{"term_id":36551,"name":"ArcGIS Online","slug":"arcgis-online","term_group":0,"term_taxonomy_id":36551,"taxonomy":"product","description":"","parent":0,"count":2419,"filter":"raw"},{"term_id":763582,"name":"ArcGIS Trust Center","slug":"trust-arcgis","term_group":0,"term_taxonomy_id":763582,"taxonomy":"product","description":"Reserved for articles authored by the ArcGIS Trust Center team","parent":36981,"count":86,"filter":"raw"}],"primary_product_link":"https:\/\/www.esri.com\/arcgis-blog\/?s=#&products=arcgis-online","_links":{"self":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/66771","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/users\/3911"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/comments?post=66771"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/66771\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/media?parent=66771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/categories?post=66771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/tags?post=66771"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/industry?post=66771"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/product?post=66771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}