Gigya Job Openings

Page History

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Open Gigya’s Admin Console in the “Site Settings” page
  2.  Make sure all domains that are related to your Social Login flow are listed under “Trusted Site URLs”:

  3. Repeat for any relevant sites (API keys)

Show If
groupgigya

Include Page
Template Internal Notice Box 3 Do Not Share Basic
Template Internal Notice Box 3 Do Not Share Basic

Note
titleInternal Note

 The following information is internal. This change, originally scheduled for April 10, 2019, has been postponed to a yet unknown date.

End of Support for Legacy SSL Ciphers 

Gigya is removing support for legacy SSL protocols TLS 1.0 and TLS 1.1, which are no longer considered secure. Going forward, we will be supporting TLS protocols 1.2 and 1.3. This change will be rolled out to our staging environment on March 25, 2019, and to production on April 10, 2019.

The following ciphers will be removed from Gigya's US1, EU1 and AU1 data centers:The following list includes the ciphers we will be supporting in Gigya's US1, EU1 and AU1 data centers:
ECDHE-ECDSA-AES128-SHAECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-SHAECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHAECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHAECDHE-RSA-AES128-GCM-SHA256
AES128-GCM-SHA256ECDHE-ECDSA-AES256-SHA384
AES128-SHA256ECDHE-RSA-AES256-SHA384
AES128-SHAECDHE-ECDSA-AES128-SHA256
AES256-GCM-SHA384ECDHE-RSA-AES128-SHA256
AES256-SHA256ECDHE-ECDSA-CHACHA20-POLY1305
AES256-SHAECDHE-RSA-CHACHA20-POLY1305
 TLS13-AES-256-GCM-SHA384
 TLS13-AES-128-GCM-SHA256
 TLS13-AES-128-CCM-8-SHA256
 TLS13-AES-128-CCM-SHA256
 TLS13-CHACHA20-POLY1305-SHA256

Who Will Be Affected: Any customer using any of the SSL ciphers in the first column above to connect to Gigya's APIs over HTTPS.

Impact: If you are connecting to Gigya’s APIs over HTTPS and your web browser or server relies on one of the above mentioned ciphers, without support for a newer cipher, then a connection will not be established. In this instance, HTTPS API calls to Gigya will not succeed.

Why: To enhance security of Gigya API calls.

Action Required: We believe it is unlikely that any customer will be impacted. However, these SSL changes will be made in the Gigya staging environment on March 25 and we recommend that you test your implementation at that time.

FAQ'S Regarding This Change:

  • What can I do to see if I will be affected and how can I prepare for these changes? 
    Your IT team can verify that your server supports at least one of the supported ciphers listed above. You can then verify this in Gigya’s Staging environment.
  • Why are these ciphers considered insecure? 
    Older protocols which are currently supported by Gigya's servers are marked as insecure. Use of these protocols is considered insecure, since an attacker can theoretically sniff the communications and potentially crack the encryption.
  • How could I check / ask my IT team to check if we are affected (without loading staging)? Is there some type of config file? 
    In order to work with HTTPS, there's a negotiation phase in which the client / server agrees on the protocol for the communication. In order to verify that the change will be transparent, you will need to verify that you are supporting at least one of ciphers which are on the list of our supported ciphers above. Note that all recent browsers support ciphers that will work well with our environment.

Include Page
Template Internal Notice Box 5 Footer End Of Internal Content
Template Internal Notice Box 5 Footer End Of Internal Content

Monday, April 8, 2019

Minor Change to Consent Enforcement in Registration

...