Removal of Support for DHE and 3DES-based SSL Ciphers

Posted
 
Announced Testing in Staging is Ready Removal
December 5th, 2017 December 11th, 2017 January 27th, 2018


If you are currently requiring a DHE or 3DES-based SSL cipher listed below, you will have to change to allow the use of a supported SSL cipher.

What does this mean?

As part of VitalSource’s continual commitment to information security and ensuring our practices meet industry standards, we will be retiring support for specific SSL encryption methods that are considered older and less secure.  

We expect this will likely have no impact on your VitalSource API integrations, as it falls in line with standard industry practice. However, we want to extend notice and testing facilities should you have any concern.

Timeline for retirement

  1. On December 11th, 2017, we will update our staging API environments so that you have a testable environment if needed.
  2. On January 27th, 2018, we will update our production API environments to be fully complete with this change. 

What ciphers is VitalSource no longer supporting? 

After January 27th, 2018, VitalSource will no longer support ciphers in red. VitalSource will continue to support ciphers in black

TLS Version  SSL Ciphers
TLS 1.2 

Removed cipers

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA 
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA 
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 

Supported cipers (suites in preferred order)

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256  
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
TLS 1.1

Removed cipers

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

Supported ciphers (suites in preferred order)

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
TLS 1.0

Removed cipers

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

Supported ciphers (suites in preferred order)

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA


Who should I contact if I need help or have questions?
 

If you have any questions or concerns, please reach out to your Integration Manager.

 

people found this useful.
Was this article helpful?
0 out of 0 found this helpful