Our aim:
As part of our regular maintenance and security improvements, we will be deprecating end-of-life protocols and associated vulnerabilities. Any environment that still uses TLS 1.0 after it has been deprecated will no longer be able to access the Fredhopper APIs.
Customer actions
This work will impact all of the Fredhopper APIs. Therefore, you may be required to make necessary adjustments in your integration systems to ensure uninterrupted service.
We are committed to these dates to ensure that our platform is as secure as it can be. To avoid this service interruption, we urge customers to update their client library to support the newer TLS protocols and respected ciphers.
No further impact is expected, but please log a ticket with us if you notice any issues.
Dates of upgrades
We will be carrying out these changes on two separate occasions this year:
Stage 1 - 3
What is being changed:
Stage 1
- Supported protocols: TLS 1.1 and TLS 1.2.
- Unsupported ciphers (deprecated):
| TLS 1.0 (suites in server-preferred order) | |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK |
256 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK |
128 |
| TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK |
256 |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK | 256 |
| TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK | 128 |
| TLS_RSA_WITH_SEED_CBC_SHA (0x96) WEAK | 128 |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK | 128 |
| TLS_RSA_WITH_IDEA_CBC_SHA (0x7) WEAK | 128 |
Preparation and mitigation steps
We have taken the following measures to prevent any downtime:
- Additional automation to remove human error risks.
- Further automated tests where applicable.
We will be providing regular updates in the Service Notifications section, so ensure you are following it to receive reminders.
Comments
0 comments
Please sign in to leave a comment.