We take security very seriously, do you?

By design:

  1. We do not accept any insecure HTTP communication, neither inbound nor outbound.
  2. We do not accept cryptographic protocols already known to be vulnerable or known to use weak ciphers. Specifically, we reject all versions of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) versions 1.0 and 1.1.
  3. We do not accept weak ciphers on TLS version 1.2. More specifically, we only accept the following ciphers:
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

We plan to decommission TLS 1.2 and only accept connections using TLS version 1.3 (or above). Unfortunately, we have not yet been able to take that step because of legacy systems at some of our customers and even in a few cloud services that we use. Sorry for that.
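
The policy above expressed as a client-side check, as an added example that is not part of the original page or the operator's own configuration: it builds a Python `ssl` context restricted to the listed suites and tests a negotiated protocol/cipher pair against the policy. The OpenSSL cipher names, the function names and the treatment of TLS 1.3 (accepted with any TLS 1.3 suite, since the page lists none) are assumptions of this example.

```python
import ssl

# The eight TLS 1.2 suites from the list above, IANA name -> OpenSSL name.
ALLOWED_TLS12 = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": "ECDHE-ECDSA-AES128-SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": "ECDHE-ECDSA-AES128-GCM-SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": "ECDHE-ECDSA-AES256-SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": "ECDHE-ECDSA-AES256-GCM-SHA384",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-ECDSA-CHACHA20-POLY1305",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-RSA-CHACHA20-POLY1305",
}
REJECTED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def policy_context() -> ssl.SSLContext:
    """Client context that offers only what the policy accepts."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 and below; TLS 1.3 suites stay enabled.
    ctx.set_ciphers(":".join(ALLOWED_TLS12.values()))
    return ctx


def offered_tls12(ctx: ssl.SSLContext) -> set:
    """OpenSSL names of the non-TLS-1.3 suites the context will offer."""
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def complies(version: str, cipher: str) -> bool:
    """Check a pair as returned by SSLSocket.version() and SSLSocket.cipher()[0]."""
    if version in REJECTED_PROTOCOLS:
        return False
    if version == "TLSv1.2":
        return cipher in ALLOWED_TLS12.values()
    return version == "TLSv1.3"  # assumption: any TLS 1.3 suite is accepted


if __name__ == "__main__":
    # Constructed sample results, not captured from a real connection.
    samples = [
        ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
        ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
        ("TLSv1.2", "AES128-GCM-SHA256"),
        ("TLSv1.1", "ECDHE-ECDSA-AES128-SHA"),
    ]
    for version, cipher in samples:
        print(version, cipher, "OK" if complies(version, cipher) else "REJECTED")
```

Passing `policy_context()` to `wrap_socket()` makes a client fail the handshake rather than fall back to a protocol or TLS 1.2 suite outside the list.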