# News: Articles for #SSL

TLS 1.0 and TLS 1.1 support by the webhook notification source will be discontinued at the end of January 2021

The following updates are planned for the LINE Platform, the source of webhook notifications for the Messaging API.

If you are using a webhook, please confirm communication from the new environment during the transition period.

What is a webhook?

A webhook is one of the features of LINE's Messaging API. It's a system in which the LINE Platform notifies the bot server of the provider (corporate or developer) of events such as adding friends and sending messages via HTTPS POST requests.

You can specify the bot server to which you want to be notified of webhooks by specifying the webhook URL in the LINE Developers Console. For more information on webhooks, see Receiving messages (webhooks) in the Messaging API documentation.

# Supported SSL/TLS protocol versions

We no longer support TLS 1.0 and TLS 1.1.

See the table below for the differences before and after the transition.

Protocol version Before transition After transition
TLS 1.3
TLS 1.2
TLS 1.1
TLS 1.0
SSL 3.0
SSL 2.0

# Supported HTTP versions

See the table below for differences before and after the transition.

HTTP version Before transition After transition
HTTP/2
HTTP/1.1
HTTP/1.0

# Supported root certification authorities

Webhook URLs (the bot server to which webhooks are notified) must be configured with an SSL/TLS certificate issued by a trusted certification authority. Self-signed certificates aren't allowed.

See the table below for differences before and after the transition.

Before transition After transition
Available SSL/TLS Certificates An SSL/TLS certificate issued by a "Certificate authority trusted by LINE" SSL/TLS certificates issued by a root certification authority that's widely trusted by most browsers

The "Certificate authority trusted by LINE" list will be removed at the end of the transition period.

# Transition period

October 6, 2020 - January 31, 2021 JST (GMT+9)

# Impact

If you're using Messaging API webhooks, we recommend that you use one of the following methods during the migration period to verify that the new LINE Platform can be used to communicate with the bot server.

# Verification method 1: Verify with an endpoint for webhook URL validation

Please verify the connection by using the endpoint for webhook URL test.

Return status code 200 for the communication request
  • The LINE Platform sends an HTTP POST request that doesn't include a webhook event to the webhook URL (bot server) to confirm communication. Design your bot server to return status code 200.

    Example HTTP POST request without a webhook event:

    {
        "destination": "xxxxxxxxxx",
        "events": []
    }
    

# Verification method 2: Use the webhook URL's "Verify" button in the LINE Developers Console

In the LINE Developers Console, click the Webhook URL's "Verify" button to perform the verification.

send target

The webhook URL's "Verify" button will be available soon

The Webhook URL's "Verify" button will soon be able to confirm communication from the environment after migration.

We will inform you when it becomes available.

LINE will continue to improve the quality of its services to prevent future outages. Thank you for your understanding.

Certificate authority that can be used in the Webhook URL added

The webhook URL must use HTTPS and have an SSL certificate issued by a certificate authority trusted by LINE.

The following certificate authorities have been added to the list of certificate authorities trusted by LINE.

CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW

For more information on configuring Webhook URL settings, see Webhook URL settings.

LINE's APIs will support HTTP/2

LINE's APIs will support HTTP/2.

# Domain names subject to the update

  • api.line.me
  • api-data.line.me
  • access.line.me

# Supported HTTP versions

See this table for the differences before and after the update:

HTTP version Before update After update
HTTP/2
HTTP/1.1
HTTP/1.0

# Scheduled date of change

August 4, 2020 12:00 ~ 16:00 JST (GMT+9)

# Impact

If you are using any of the above APIs, please confirm that your app can communicate using the updated supported HTTP versions.

Due to this update, when using the above APIs from clients that support HTTP/2 or TLS 1.3, the handshake overhead is reduced and the connection efficiency is improved.

To use the latest protocols such as HTTP/2 and TLS 1.3, we recommend upgrading your development environment such as JDK and other development languages and LINE SDK to the latest versions.

# Other changes

For access the APIs from outside Japan, these 2 changes are made in addition to the above.

We will continue to improve the quality of the services we provide to our developers and we greatly appreciate your understanding.

LINE API's SSL root certificate authority has been changed

Added July 30, 2020

For access to the APIs from outside of Japan, the root certification authority will be changed after August 4, 2020. For more information, see the news on July 30, 2020, LINE's APIs will support HTTP/2.

We've changed the SSL certificate used in LINE's API servers. As a result, we've changed the root certificate authority from DigiCert to GlobalSign.

# Domain names subject to this change

  • api.line.me
  • api-data.line.me
  • access.line.me

# Date and time of change

  • For access from Japan: July 10, 2020 17:17 ~ 17:54 JST (GMT+9)
  • For access from outside Japan: August 4, 2020 12:00 ~ 16:00 JST (GMT+9)

# Impact

Due to this update, if an SSL communication problem occurs on the client side using the LINE API, it is possible that the corresponding root certificate (GlobalSign Root R3) does not exist.

If you observe this problem, please update the root certificate to the latest version on the client side using the API.

We will continue to improve the quality of the services we provide to our developers and we greatly appreciate your understanding.

LINE's APIs now support TLS 1.3

Added July 30, 2020

For access to the APIs from outside Japan, TLS 1.3 will be available after August 4, 2020. For more information, see the news on July 30, 2020, LINE's APIs will support HTTP/2.

LINE's APIs now support TLS 1.3.

# Domain names subject to the update

  • api.line.me
  • api-data.line.me
  • access.line.me

# SSL/TLS supported protocol versions

See this table for the differences before and after the update:

Protocol version Before update After update
TLS 1.3
TLS 1.2
TLS 1.1
TLS 1.0
SSL 3.0
SSL 2.0

# Impact

If you are using any of the above APIs, please confirm that your app can communicate using the updated supported protocol versions.

# Transition period

  • For access from Japan: TLS 1.3 is available after July 1, 2020.
  • For access from outside Japan: TLS 1.3 is available after August 4, 2020.

Support for TLS 1.0 and TLS 1.1 will be discontinued in the future. The discontinuation schedule is undecided. We will make an announcement as soon as it is decided.

We will continue to improve the quality of the services we provide to our developers and we greatly appreciate your understanding.