We are making some changes to the list of supported ciphers, and will be removing the ability to connect using outdated ciphers.
Why are we doing this?
To ensure that we are providing the highest levels of privacy and data integrity, we periodically review our TLS cipher usage and align with any recommendations provided by NIST.
What are we changing?
NIST recommends avoiding cipher suites that don't support forward secrecy. (Full NIST guidelines are available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf.)
All of our existing cipher suites support forward secrecy, with one exception: TLS_RSA_WITH_AES_128_GCM_SHA256
After analyzing our customers' cipher usage, we've determined that deprecating and removing this cipher will have minimal impact on the vast majority of customers.
When is this happening?
Connections attempting to reach xMatters using the TLS_RSA_WITH_AES_128_GCM_SHA256 cipher will be rejected as of February 1, 2022.
How can you prepare?
As mentioned, the vast majority of our customers will not be affected by this change.
Our customer support agents and customer success managers are currently reaching out directly to the few customers still using this cipher to ensure that they can transition to alternate connection methods.
If you have further questions about this change, please contact Customer Support.
This change has been implemented. Connections attempting to reach xMatters using the TLS_RSA_WITH_AES_128_GCM_SHA256 cipher will be rejected.