Thursday 1st September 2022

TLS Cipher Adjustment, scheduled 2 years ago

Date/Time

  • Date / Time: 05/09/21 10:15 BST

Actions

As per notifications sent in July, we will be adjusting the default TLS Ciphers defined on all stack load balancers.

The change removes the usage of RSA and weaker AES-CBC ciphers in order to meet security and PCI requirements.

Impact

The change will mean that the following clients and operating systems will be unable to communicate via HTTPS with the server:

  • Internet Explorer 11 on Windows Phone 8.1 or lower
  • Internet Explorer 11 on Windows 8.1 or lower
  • Safari 8 on Mac OS X 10.10 or lower
  • Safari 8 on iOS 8.4 or lower

If this isn't possible, then please get in touch and we can ensure that these ciphers remain enabled on your stack however, please be aware that you will need sufficient justification for the usage of weaker ciphers in order to pass PCI scans.