From the 21st to the 23rd of February 2021 we will undertake work on our PingOne/PingID endpoints to tighten our security posture.
Based on cryptographic research it is no longer considered safe to decrypt data with the Cipher-Block-Chaining (CBC) mode of symmetric encryption algorithms. CBC cipher modes in context of the TLS 1.2 protocol are now obsolete and need to be sunset to protect our customers.
The ciphers that will be removed from operation are:
Based on extensive connectivity testing, there is no expected connectivity impact removing CBC cipher modes in TLS 1.2 for all supported clients and many unsupported mobile, server and desktop operating systems. CBC cipher modes are not supported in TLS 1.3 and there is no change for this protocol.
• There is no action required from our customers.
• The changes will be progressively rolled through the services listed.
• Updates to each region will be targeted to outside of each regions core hours.
If you have any questions, or find your service is unexpectedly impacted during the change window, please raise a case via the support portal at https://support.pingidentity.com