Sign inStart free trial

Guides22 January 2026

How to test if you will be affected by upcoming TLS and SNI changes

Addressfinder is moving to more secure, modern Transport Layer Security (TLS) configurations. On 5 March 2026, we are retiring support for TLSv1.0 and TLSv1.1 and will require Server Name Indication (SNI) for all HTTPS connections to the Addressfinder API.

What's changing?

On 5 March 2026, we are retiring support for TLSv1.0 and TLSv1.1 and will require SNI for all HTTPS connections to the Addressfinder API. This allows us to move to more secure, modern TLS configurations.

Connections that do not support at least TLSv1.2 or do not support SNI will no longer be accepted.


Why we’re making this change

TLSv1.0 and TLSv1.1 are no longer considered secure and supporting non-SNI connections prevents us from enabling modern TLS features.

This change aligns Addressfinder with current security best practices and improves security for all customers.


Who will this affect?

On 5 March 2026, we will retire support for TLSv1.0 and TLSv1.1 and require SNI for all HTTPS connections to the Addressfinder API. Most customers will not be affected by this change.

You will not be affected if you use our JavaScript widget or other client browser-based integrations.

You may be affected if your application accesses the Addressfinder API using software or infrastructure that does not support at least TLSv1.2 or does not support Server Name Indication (SNI). This could be the case when you use:

  • Older server-side client libraries or runtimes without SNI support, or
  • Proxy services where SNI support is disabled

Modern operating systems, runtimes, and HTTP client libraries generally support SNI by default.


How to test your setup

Most customers will not be affected by this change. If you believe you might be, try the following:

1. Check for errors during the monitoring window

  • Monitoring window: 25 February 2026, 9am–1pm NZST
  • We will temporarily enforce the new TLS/SNI requirements for a four-hour window and closely monitor traffic and error rates from our side
  • We will also proactively contact customers we believe may be experiencing connection issues
  • We recommend keeping an eye on your own logs during this time
  • This allows you to observe real-world behaviour and check logs without the change being permanent

2. Test your setup with a temporary test-only API endpoint

To help customers validate compatibility ahead of time, we’ve made a temporary test-only API endpoint available:

https://sni-test.api.addressfinder.io/

This endpoint behaves like our production API but does not support TLSv1.0, TLSv1.1 or non-SNI connections.

2a. Proxy-only check:

If you use a proxy, you can test connectivity by making a request through your proxy to:

curl https://sni-test.api.addressfinder.io/monitoring/check
2b. Full application test:

If you want to fully validate your integration, you can temporarily configure your server-side application to use the test endpoint and exercise your normal API usage.


Once testing is complete, remember to switch your application back to the existing production endpoint.


Need help or unable to enable SNI?

Please get in touch with us as soon as possible if you:

  • Cannot enable SNI
  • Believe this change may impact your service

We can work with you to discuss a custom solution while you complete your transition.