All .EU and .AU services plus .com critical path (MFA/SSO) services have already been completed. Only non-critical path services remain to be rolled on .com which will begin it's 2nd change window after North American business hours. Our support teams have worked with customers impacted by the removal of these ciphers, in many cases swiftly assisting the identification of solutions. If you have any TLS handshake issues with Ping services, after this update, the team stand ready to assist https://support.pingidentity.com/s/
Posted Nov 03, 2021 - 21:46 UTC
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Nov 02, 2021 - 17:00 UTC
Scheduled
This is the final change in the series, which deprecates ciphers which are obsolete by modern standards.
The following cipher will be removed from operation • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 The cipher will be removed from all endpoints in all regions.
Additionally the following ciphers will be removed from the PingID's Authenticator and IDP services for .com as these were reverted previously to assist a customer. • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 • TLS_DHE_RSA_WITH_AES_256_CBC_SHA • TLS_RSA_WITH_3DES_EDE_CBC_SHA
Java 7 applications using the platforms will no longer connect after this date unless they have update 191 or higher. Java 8 and 11 are both compatible, and will already use the GCM ciphers instead of these.
The change begins at 17:00 UTC November 2, 2021. .EU will be updated first, then .COM followed by .COM.AU. The change could take 48hrs in total to run in all regions (during off-peak times only) due to the size of the estate. We cannot detail precise times per application per region as they can vary and because uptime will not be affected during what otherwise would be regular maintenance.