zesty.io

Product

Use Cases

Integrations

Learn

Company Announcements

Upcoming Change to Supported TLS Ciphers

TL;DR

Weak ciphers, which can cause security concerns (though represent a very small subset of our clients' web traffic), have been identified and will no longer be supported by Zesty.io. What this means for your business is that:

Ciphers to be removed by Zesty

On Monday 26th September at 12 PM PDT the Zesty.io CDN will be changed to remove support for the following legacy weak ciphers.

What does this mean for you?

Not much. It will be a transparent process that does not require any work on your part, but it does mean that clients (e.g. Web Browsers) that still use these weak ciphers will not be able to securely connect to your domains. 

We have been monitoring traffic over the past 30 days to assess the usage of the weak ciphers set for removal. Domains with requests using weak ciphers represented a very small percentage of their overall traffic. Most range between 0.03% - 0.003% of traffic using weak ciphers. 

The important aspect to think through is if you have automated systems that are using older browser versions. Do you have visual regression testing with Internet Explorer? Wrote a script years ago using an older version of OpenSSL? These would be affected by this change and would need to be updated to newer versions.

When is this occurring?

Monday 26th September at 12 PM PDT

What is the issue?

TLS

TLS is an abbreviation for Transport Layer Security. It facilitates secure communication on top of HTTP. TLS ensures that Internet traffic is private between you and a website.

Ciphers

The TLS technology contains a list of encryption ciphers. Your browser negotiates which cipher suite to use with the website. Your browser will negotiate the most secure cipher available to you and the website.

Why?

Certain ciphers are no longer acceptable for modern use. Security researchers identified methods to decrypt TLS sessions with certain ciphers. This does not mean the Internet is completely done for! There are modern, secure ciphers available for use today, which you’re probably using to make video calls in your browser right now.

TLS Downgrade Attack

Certain malicious parties may “downgrade” your session to a weaker cipher. After the configuration is complete this type of attack is impossible because Zesty will not accept vulnerable ciphers.

Zesty's Focus

Zesty.io works to keep customer data private and secure. The change in Transport Layer Security Ciphers will be another step in preventing malicious parties from intercepting sensitive data as it travels to and from our service.

Questions? Please contact your dedicated account manager.

By Stuart Runyan

Developing web technologies is my passion! I'm focused on creating applications and experiences to solve the problems which today's digital marketers face. I believe in web standards, a mobile first approach, access for everyone, open source software and the democratization of information. My goal is to continue the Internet being pure awesome!

Related Articles

Subscribe to the zestiest newsletter in the industry

Get the latest from the Zesty team, from whitepapers to product updates.