Upcoming Change to Supported TLS Ciphers

Notice of scheduled removal of supported TLS cipher suites

Stuart Runyan 09.16.2022

TL;DR

Weak ciphers, which pose a security risk (though they account for a very small subset of our clients' web traffic), have been identified and will no longer be supported by Zesty.io. What this means for your business is that:

  • We are adding extra security

  • You should update your browsers and operating system

  • The change is transparent to your website visitors

  • You will not need to make any changes or take any action beyond potentially updating your web browser. This change will not affect your business operations.

Ciphers to be removed by Zesty

On Monday 26th September at 12 PM PDT the Zesty.io CDN will be changed to remove support for the following legacy weak ciphers.

  • AES128-GCM-SHA256 = TLS_RSA_WITH_AES_128_GCM_SHA256

  • AES128-SHA = TLS_RSA_WITH_AES_128_CBC_SHA

  • AES256-SHA = TLS_RSA_WITH_AES_256_CBC_SHA

  • ECDHE-RSA-AES128-SHA256 = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • ECDHE-RSA-AES256-SHA384 = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • ECDHE-RSA-AES128-SHA = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • ECDHE-RSA-AES256-SHA = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

What does this mean for you?

Not much. It will be a transparent process that does not require any work on your part, but it does mean that clients (e.g. web browsers) that still use these weak ciphers will not be able to securely connect to your domains.

We have been monitoring traffic over the past 30 days to assess the usage of the weak ciphers set for removal. On domains that received requests using weak ciphers, those requests represented a very small percentage of overall traffic. For most, between 0.003% and 0.03% of traffic used weak ciphers.

The important question to think through is whether you have automated systems that use older browser versions. Do you have visual regression testing with Internet Explorer? Did you write a script years ago using an older version of OpenSSL? These would be affected by this change and would need to be updated to newer versions.
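One way to check a script's TLS client against the removal list above, as an added example (not Zesty.io's code). It compares the cipher suites a client offers with the seven suites named in this notice; the function names and the legacy sample offer are constructed for illustration.

```python
import ssl

# Suites named in the notice: OpenSSL name -> IANA name.
REMOVED = {
    "AES128-GCM-SHA256": "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "AES128-SHA": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "AES256-SHA": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "ECDHE-RSA-AES128-SHA256": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "ECDHE-RSA-AES256-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "ECDHE-RSA-AES128-SHA": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "ECDHE-RSA-AES256-SHA": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
}
REMOVED_NAMES = set(REMOVED) | set(REMOVED.values())  # accept either naming


def assess_offer(offered):
    """Classify the cipher suites a client offers against the removal list.

    'other' only means "not on the removal list"; the notice does not say
    which suites the CDN keeps, so it is not a guarantee of acceptance.
    """
    removed = [name for name in offered if name in REMOVED_NAMES]
    other = [name for name in offered if name not in REMOVED_NAMES]
    return {
        "removed": removed,
        "other": other,
        # True: every suite offered is being removed, so the handshake fails.
        "only_removed": bool(removed) and not other,
    }


def local_offer(context=None):
    """OpenSSL names of the suites this Python/OpenSSL build enables."""
    ctx = context or ssl.create_default_context()
    return [cipher["name"] for cipher in ctx.get_ciphers()]


# Constructed sample: the offer an old script pinned to legacy suites might send.
LEGACY_SCRIPT_OFFER = ["AES256-SHA", "AES128-SHA", "ECDHE-RSA-AES128-SHA"]

if __name__ == "__main__":
    for label, offer in (("legacy sample", LEGACY_SCRIPT_OFFER),
                         ("this interpreter", local_offer())):
        result = assess_offer(offer)
        verdict = "WILL FAIL" if result["only_removed"] else "has other suites"
        print(f"{label}: {verdict}; on removal list: {result['removed']}")
```

Run it with the same interpreter and environment the automated job uses, since the enabled suites depend on the OpenSSL build that interpreter is linked against.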

When is this occurring?

Monday 26th September at 12 PM PDT

What is the issue?

TLS

TLS is an abbreviation for Transport Layer Security. It facilitates secure communication on top of HTTP. TLS ensures that Internet traffic is private between you and a website.

Ciphers

The TLS protocol supports a list of encryption ciphers. Your browser negotiates with the website which cipher suite to use, choosing the most secure cipher available to both you and the website.

Why?

Certain ciphers are no longer acceptable for modern use. Security researchers identified methods to decrypt TLS sessions with certain ciphers. This does not mean the Internet is completely done for! There are modern, secure ciphers available for use today, which you’re probably using to make video calls in your browser right now.

TLS Downgrade Attack

Certain malicious parties may “downgrade” your session to a weaker cipher. After the configuration is complete, this type of attack is impossible because Zesty will not accept vulnerable ciphers.

Zesty's Focus

Zesty.io works to keep customer data private and secure. The change in Transport Layer Security Ciphers will be another step in preventing malicious parties from intercepting sensitive data as it travels to and from our service.

Questions? Please contact your dedicated account manager.


Stuart Runyan

VP of Engineering, Zesty.io
