Our aim:
Following the completion of the first stage of security upgrades concerning TLS 1.0 protocols, we will be deprecating the additional end-of-life protocols, and removing the vulnerabilities associated with them, on 5th September 2022. Any environment that still uses TLS 1.1 after it has been deprecated will no longer be able to access the Fredhopper APIs.
Customer actions
This work will impact all of the Fredhopper APIs. You may therefore need to make adjustments in your integration systems to ensure uninterrupted service.
We are committed to these dates to ensure that our platform is as secure as it can be. To avoid this service interruption, we urge customers to update their client library to support the newer TLS protocols and their respective ciphers.
No further impact is expected, but please log a ticket with us if you notice any issues.
Dates of upgrades
Stage 2 - 5th September 2022
What is being changed:
Stage 2
- Supported protocols: TLS 1.2, TLS 1.3 (we will enable TLS 1.3 protocols in this stage).
- Unsupported ciphers (deprecated):
| TLS 1.1 (suites in server-preferred order) | |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
| TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK | 256 |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK | 256 |
| TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK | 128 |
| TLS_RSA_WITH_SEED_CBC_SHA (0x96) WEAK | 128 |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK | 128 |
| TLS_RSA_WITH_IDEA_CBC_SHA (0x7) WEAK | 128 |
| TLS 1.0 (suites in server-preferred order) | |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
| TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK | 256 |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK | 256 |
| TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK | 128 |
| TLS_RSA_WITH_SEED_CBC_SHA (0x96) WEAK | 128 |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK | 128 |
| TLS_RSA_WITH_IDEA_CBC_SHA (0x7) WEAK | 128 |
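
One way to check an integration before the Stage 2 date, as an added example that is not Fredhopper code: it audits a client TLS profile against the protocol floor and the suite ids listed above. The helper names and sample profiles are hypothetical, and treating a client that offers only listed suites as not ready is an assumption, since the table lists those suites under TLS 1.0 and TLS 1.1 only.

```python
import ssl

# IANA suite ids copied from the "Unsupported ciphers" table in this notice.
DEPRECATED_SUITE_IDS = {0xC014, 0xC013, 0x35, 0x84, 0x2F, 0x96, 0x41, 0x07}
REQUIRED = ssl.TLSVersion.TLSv1_2  # lowest protocol supported after Stage 2


def audit(max_version, ciphers):
    """Assess a client TLS profile (hypothetical helper, not a Fredhopper API).

    max_version: highest ssl.TLSVersion the client will offer.
    ciphers: dicts shaped like SSLContext.get_ciphers() entries.
    """
    unlimited = max_version == ssl.TLSVersion.MAXIMUM_SUPPORTED
    speaks_tls12 = bool(unlimited or max_version >= REQUIRED)
    listed, other = [], []
    for c in ciphers:
        # OpenSSL reports ids as 0x0300XXXX; the low 16 bits are the IANA id.
        on_list = (c["id"] & 0xFFFF) in DEPRECATED_SUITE_IDS
        (listed if on_list else other).append(c["name"])
    return {
        "speaks_tls12_or_newer": speaks_tls12,
        "suites_on_deprecated_list": sorted(listed),
        "suites_not_on_list": sorted(other),
        # Assumption: a client offering only listed suites is treated as at risk.
        "ready": speaks_tls12 and bool(other),
    }


def audit_context(ctx):
    """Audit a live ssl.SSLContext, e.g. the one your HTTP client uses."""
    return audit(ctx.maximum_version, ctx.get_ciphers())


# Constructed sample profiles (not captured from any real integration).
LEGACY_CLIENT = (ssl.TLSVersion.TLSv1_1, [
    {"id": 0x0300C014, "name": "ECDHE-RSA-AES256-SHA"},
    {"id": 0x0300002F, "name": "AES128-SHA"},
])
CBC_ONLY_TLS12_CLIENT = (ssl.TLSVersion.TLSv1_2, LEGACY_CLIENT[1])
MODERN_CLIENT = (ssl.TLSVersion.TLSv1_3, LEGACY_CLIENT[1] + [
    {"id": 0x0300C030, "name": "ECDHE-RSA-AES256-GCM-SHA384"},
])

if __name__ == "__main__":
    for label, profile in [("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)]:
        print(label, audit(*profile))
    print("this interpreter:", audit_context(ssl.create_default_context()))
```

Pass `audit_context` the same `SSLContext` your integration's HTTP client is built with, since a pinned `maximum_version` or cipher string there is what decides the outcome.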
Preparation and mitigation steps
We have taken the following measures to prevent any downtime:
- Additional automation to remove human error risks.
- Further automated tests where applicable.
We will be providing regular updates in the Service Notifications section, so ensure you are following it to receive reminders.