In our recent Cloud SWG release, we have made enhancements to prioritize security by removing support for weak or deprecated TLS ciphers. This decision is part of our ongoing efforts to maintain the highest standards of security and protect our clients' data from potential vulnerabilities. As a result, clients communicating with the Cloud SWG Portal, including UPE (User Policy Enforcement) updates, are required to have support for specific TLS ciphers.
To ensure seamless communication with the Cloud SWG Portal and to comply with the updated security standards, clients are required to support at least one of the following TLS ciphers:
TLS 1.2:
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES256-SHA384
- TLS_RSA_WITH_AES_256_CBC_SHA
TLS 1.3:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_CCM_SHA256
- TLS_AES_128_CCM_8_SHA256
Clients are advised to review their systems and ensure that they support at least one of the specified TLS ciphers to maintain uninterrupted access to the Cloud SWG Portal and receive UPE updates. This proactive measure will help in safeguarding the integrity and confidentiality of data transmitted between clients and the Cloud SWG infrastructure.
If you have any questions or require further assistance regarding this update, please don't hesitate to contact our support team.