SSL changes and updates

To help keep up with security trends and threats, growing privacy concerns, and emerging technologies, we're updating our SSL infrastructure in conjunction with our overall hosting service improvements. These changes involve removing the ability to connect using out-dated SSL ciphers.

What's changing?

Once the hosting service improvements are complete in your region, only the following SSL ciphers will still be permitted:

  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

The following, weaker ciphers are no longer accepted, and connections using them will be refused:

  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

How do you get ready?

There are two primary areas of concern:

  • Java: If you are using a current, up-to-date version of Java to run the EPIC data sync tool and/or your Integration Agent applications, there should be no further action required. If you are running an older version, you may need to update your Java security files to not allow the weaker ciphers listed above.
  • REST requests: If you are using cURL (or PHP or another scripting language) to submit REST requests, make sure you update your cURL (or NSS libraries) to the latest version.

How long do you have?

These changes will coincide with the hosting service improvements in your region, as described in the schedule. To avoid any potential issues or complications, we highly recommend checking your configuration and performing any required steps now. If you encounter any questions or issues during these changes, contact xMatters Client Assistance.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk