Enhancing Security for Agreements: Acrobat Sign Transport Layer Security (TLS)

Acrobat Sign strives to uphold the highest standards for security with an objective to keep agreements and signatures safe during and after e-signature processes. A key component of this security is the use of Transport Layer Security (TLS), which plays a vital role in the document lifecycle by protecting data as it moves across networks. TLS helps safeguard Acrobat Sign agreements during transmission by encrypting the communication channels and preventing unauthorized access or tampering. For example, when agreements are sent via email, received, and signed, TLS helps to ensure their security throughout these processes. This is especially important for Acrobat Sign users, as it keeps sensitive information confidential and intact throughout the signing process, reinforcing trust and compliance in every digital transaction. 

Why TLS is Important 

The primary purpose of TLS is to establish a secure channel between a client and a server – in this case, between Acrobat Sign and the users or systems that interact with it. Here’s why TLS is essential: 

• Encryption: Acrobat Sign uses TLS encryption at every stage to secure user data. When users log in and upload documents, TLS protects their credentials and the content during transit. Throughout the signing workflow, all communications are encrypted to maintain confidentiality. Even event notifications including status updates are sent via TLS-encrypted channels. 

• Data Integrity: By employing cryptographic hash functions, Acrobat Sign uses TLS to ensure that agreements remain untampered during transit. 

• Authentication: Acrobat Sign uses TLS to authenticate the identities of communicating parties, helping to reduce the risk of man-in-the-middle attacks. By supporting mutual TLS during event notifications, we securely transmit messages to their intended recipients.  

• Privacy: Acrobat Sign leverages TLS to maintain the confidentiality of user data by safeguarding personal information, financial transactions, and sensitive communications. 

TLS in Acrobat Sign 

Acrobat Sign uses TLS in all its network communications. TLS secures not just the connection to our Acrobat Sign Web Portal, but also the end-to-end user experience when reviewing and signing an agreement. Furthermore, it can send out notifications for any agreement related events, including Request to Sign, Reminder, or Completion.  

TLS 1.2 Improvements 

The security of TLS 1.2 depends on the strength of "cipher suites.” A cipher suite is comparable to a set of tools that help determine how data is protected when sent through the internet. Imagine it as choosing a combination of locks and keys to keep your information safe from prying eyes. Some cipher suites use older methods that are not as secure. For instance, certain cipher suites might use outdated encryption techniques or weaker hashing algorithms (which help verify data integrity). 

Acrobat Sign is a multi-tenant web application that supports millions of customers. Our approach is to support the strongest cipher suites without breaking our existing customer's flow. Here are two examples of weak cipher suites categories that customers should consider removing: 

1. Cipher suites using static keys: Static key ciphers lack Perfect Forward Secrecy (PFS). Without PFS, if a private key is compromised, all past communications encrypted with that key become vulnerable to decryption. With advances in Post Quantum Cryptography, this "Capture then decrypt" vulnerability with static key ciphers can become a serious issue. 
2. Cipher suites using SHA1 hash: SHA-1 hashing algorithm are considered insecure due to known collision vulnerabilities, making them susceptible to attacks that can undermine data integrity. 

Working with Customers 

As Acrobat Sign moves toward more advanced TLS methods, Adobe strives to keep customers in the loop by proactively identifying customers using weaker cipher suites and assisting them to move to strong ciphers. Using this method, any weak ciphers have been proactively removed without impacting customers. 

What's next? - TLS 1.3  

TLS 1.3 is the latest version of the Transport Layer Security protocol, bringing significant improvements in both performance and security. It streamlines the handshake process, reduces latency, and eliminates outdated cipher suites that could be vulnerable to attacks. One of the key advantages of TLS 1.3 is its forward-thinking design, which makes it more adaptable to new cryptographic technologies. Acrobat Sign supports TLS1.3 but continues to support TLS 1.2 as many organizations have not yet upgraded to TLS 1.3. 

Post-Quantum Cryptography (PQC) 

There is growing interest in integrating Post-Quantum Cryptography (PQC) algorithms into TLS. PQC algorithms are designed to be secure against the potential threats posed by quantum computers, which could break current encryption methods. By adopting TLS 1.3 and supporting PQC algorithms, the security of data transmissions can be further enhanced to protect itself against future quantum-based attacks.  

Conclusion 

The Acrobat Sign Team is proactively engaged to maintain a high bar for its data and communication security to protect their customers. By adopting the latest security technologies and enforcing up-to-date protocols, Adobe guides customers to meet the same high standards by helping them protect the confidentiality, integrity, and privacy of their data.  

For more information about Acrobat Sign’s security posture and controls, please review the Adobe Acrobat Sign Security Overview Whitepaper.