The following information is internal. This change, originally scheduled for April 10, 2019, has been postponed to an as yet unknown date.
End of Support for Legacy SSL Ciphers
Gigya is removing support for legacy SSL protocols TLS 1.0 and TLS 1.1, which are no longer considered secure. Going forward, we will be supporting TLS protocols 1.2 and 1.3. This change will be rolled out to our staging environment on March 25, 2019, and to production on April 10, 2019.
| The following ciphers will be removed from Gigya's US1, EU1 and AU1 data centers: | The following list includes the ciphers we will be supporting in Gigya's US1, EU1 and AU1 data centers: |
Who Will Be Affected: Any customer using any of the SSL ciphers in the first column above to connect to Gigya's APIs over HTTPS.
Impact: If you are connecting to Gigya’s APIs over HTTPS and your web browser or server relies on one of the above-mentioned ciphers, without support for a newer cipher, then a connection will not be established. In this instance, HTTPS API calls to Gigya will not succeed.
Why: To enhance security of Gigya API calls.
Action Required: We believe it is unlikely that any customer will be impacted. However, these SSL changes will be made in the Gigya staging environment on March 25 and we recommend that you test your implementation at that time.
FAQs Regarding This Change:
- What can I do to see if I will be affected and how can I prepare for these changes?
Your IT team can verify that your server supports at least one of the supported ciphers listed above. You can then verify this in Gigya’s Staging environment.
- Why are these ciphers considered insecure?
The older protocols that Gigya's servers currently support are considered insecure, since an attacker can theoretically sniff the communications and potentially crack the encryption.
- How could I check / ask my IT team to check if we are affected (without loading staging)? Is there some type of config file?
To work with HTTPS, there is a negotiation phase in which the client and server agree on the protocol for the communication. To verify that the change will be transparent, you will need to verify that you support at least one of the ciphers on the list of our supported ciphers above. Note that all recent browsers support ciphers that will work well with our environment.
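One way to run the check described above without connecting to staging, as an added example that is not part of the original notice or Gigya's own tooling. It compares what a Python/OpenSSL client offers against a supported list; `SUPPORTED_SAMPLE`, `check_negotiation` and `local_profile` are hypothetical names, and the cipher names are a constructed sample to be replaced with the supported column of the notice.

```python
import ssl

# Constructed sample in OpenSSL naming, NOT the vendor's list: replace it with
# the names from the "supported" column of the notice.
SUPPORTED_SAMPLE = {
    "TLS_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
}
MIN_ACCEPTED = ssl.TLSVersion.TLSv1_2  # the notice keeps only TLS 1.2 and 1.3


def check_negotiation(offered, top_version, supported=SUPPORTED_SAMPLE):
    """Predict whether a client can still agree on protocol and cipher.

    offered: cipher names the client sends; top_version: the highest
    ssl.TLSVersion it can speak. Both conditions must hold: a shared cipher
    is useless if the client is capped below TLS 1.2, and TLS 1.2 support is
    useless without a shared cipher.
    """
    shared = [name for name in offered if name in supported]
    protocol_ok = top_version >= MIN_ACCEPTED
    return {
        "protocol_ok": protocol_ok,
        "shared_ciphers": shared,
        "will_connect": protocol_ok and bool(shared),
    }


def local_profile(ctx=None):
    """Return (cipher names, highest TLS version) for this Python/OpenSSL build."""
    ctx = ctx or ssl.create_default_context()
    top = ctx.maximum_version
    if top == ssl.TLSVersion.MAXIMUM_SUPPORTED:  # sentinel: resolve to a real version
        top = ssl.TLSVersion.TLSv1_3 if ssl.HAS_TLSv1_3 else ssl.TLSVersion.TLSv1_2
    # The "protocol" field of get_ciphers() is the version that introduced the
    # suite, not the version it will run under, so it is not used as a filter.
    return [c["name"] for c in ctx.get_ciphers()], top


if __name__ == "__main__":
    names, top = local_profile()
    print("local client:", check_negotiation(names, top))
    # Constructed legacy client: capped at TLS 1.1 with CBC/3DES suites only.
    print("legacy client:", check_negotiation(
        ["AES128-SHA", "DES-CBC3-SHA"], ssl.TLSVersion.TLSv1_1))
```

For a non-Python client, pass its configured cipher names and highest protocol version to `check_negotiation` directly.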