Skip to content

YubiCloud no longer supports DH cipher suites

2016-09-01

Following up on our previous post, the YubiCloud, as of today no longer supports DH cipher suites. The change was made at exactly 2016-09-01 08:00:00 UTC.

The TLS configuration across all five api machines now is:

ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers    "EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES";
ssl_prefer_server_ciphers  on;

api 1, 2, 3 & 5 have already been using such configuration for a couple of weeks. Today, the change was made to api 4, bringing all api machines to a standardized TLS configuration.

testssl.sh results for api4 before and after the change was made are available. Note that the files are plain-text, but with a .doc extension to workaround a WordPress limitation.

Comments are closed.