Cloud SWG Release: Removal of Support for Weak/Deprecated TLS Ciphers
search cancel

Cloud SWG Release: Removal of Support for Weak/Deprecated TLS Ciphers

book

Article ID: 367575

calendar_today

Updated On: 05-13-2024

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

In our recent Cloud SWG release, we have made enhancements to prioritize security by removing support for weak or deprecated TLS ciphers. This decision is part of our ongoing efforts to maintain the highest standards of security and protect our clients' data from potential vulnerabilities. As a result, clients communicating with the Cloud SWG Portal, including UPE (User Policy Enforcement) updates, are required to have support for specific TLS ciphers.

Resolution

To ensure seamless communication with the Cloud SWG Portal and to comply with the updated security standards, clients are required to support at least one of the following TLS ciphers:

TLS 1.2:

- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES256-SHA384
- TLS_RSA_WITH_AES_256_CBC_SHA

TLS 1.3:

- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_CCM_SHA256
- TLS_AES_128_CCM_8_SHA256

Clients are advised to review their systems and ensure that they support at least one of the specified TLS ciphers to maintain uninterrupted access to the Cloud SWG Portal and receive UPE updates. This proactive measure will help in safeguarding the integrity and confidentiality of data transmitted between clients and the Cloud SWG infrastructure.

If you have any questions or require further assistance regarding this update, please don't hesitate to contact our support team.