Cryptographic update to PingOne Endpoints
Scheduled Maintenance Report for Ping Identity
Completed
This change was rolled back due to a customer request.
Posted Feb 22, 2021 - 10:03 UTC
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Feb 21, 2021 - 07:01 UTC
Scheduled
From the 21st to the 23rd of February 2021 we will undertake work on our PingOne/PingID endpoints to tighten our security posture.

Change details:
Based on cryptographic research it is no longer considered safe to decrypt data with the Cipher-Block-Chaining (CBC) mode of symmetric encryption algorithms. CBC cipher modes in context of the TLS 1.2 protocol are now obsolete and need to be sunset to protect our customers.

The ciphers that will be removed from operation are:
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_3DES_EDE_CBC_SHA

Based on extensive connectivity testing, there is no expected connectivity impact removing CBC cipher modes in TLS 1.2 for all supported clients and many unsupported mobile, server and desktop operating systems. CBC cipher modes are not supported in TLS 1.3 and there is no change for this protocol.

• There is no action required from our customers.
• The changes will be progressively rolled through the services listed.
• Updates to each region will be targeted to outside of each regions core hours.

If you have any questions, or find your service is unexpectedly impacted during the change window, please raise a case via the support portal at https://support.pingidentity.com
Posted Feb 10, 2021 - 10:35 UTC
This scheduled maintenance affected: PingOne (PingOne for Enterprise & PingOne SSO for SaaS Applications) (Administration API, Administration Portal, AD Connect & Routing Service, Single Sign-on, OAuth Configuration Service, PingOne dock - North America (.com), PingOne dock - Europe (.eu), PingOne dock - Australia (.com.au), Directory Login - North America (.com), Directory Login - Europe (.eu), Directory Login - Australia (.com.au), Directory API - North America (.com), Directory API - Europe (.eu), Directory API - Australia (.com.au), Office365 Service - North America (.com), Office365 Service - Europe (.eu), Office365 Service - Australia (.com.au), SCIM Provisioning - North America (.com), SCIM Provisioning - Europe (.eu), SCIM Provisioning - Australia (.com.au), Logging and Subscription Service) and PingID (PingID Authenticator - North America (.com), PingID Authenticator - Europe (.eu), PingID Authenticator - Australia (.com.au), PingID Server - North America (.com), PingID Server - Europe (.eu), PingID Server - Australia (.com.au)).