YubiCloud no longer supports DH cipher suites

Following up on our previous post, the YubiCloud, as of today no longer supports DH cipher suites. The change was made at exactly 2016-09-01 08:00:00 UTC.

The TLS configuration across all five api machines now is:

ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers    "EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES";
ssl_prefer_server_ciphers  on;

api 1, 2, 3 & 5 have already been using such configuration for a couple of weeks. Today, the change was made to api 4, bringing all api machines to a standardized TLS configuration.

testssl.sh results for api4 before and after the change was made are available. Note that the files are plain-text, but with a .doc extension to workaround a WordPress limitation.