Summary

The security level of the IDR cipher ECDHE-RSA-AES256-SHA384 will be changed from HIGH to MEDIUM in INCOMING and OUTGOING connection encryption settings. This is planned for October 2023 release.

Details

INCOMING Connection

If you are using HIGH encryption settings for INCOMING connections and if the end user/API client machines do not have any other common cipher than ECDHE-RSA-AES256-SHA384, upgrade the machines to include ciphers from the following list.

• ECDHE-RSA-AES256-GCM-SHA384
• ECDHE-RSA-AES128-GCM-SHA256
• DHE-RSA-AES256-GCM-SHA384
• DHE-RSA-AES128-GCM-SHA256

OUTGOING Connection

If you are using HIGH encryption settings for OUTGING connections and if any of the configured proxy backend applications (HTTP Federation Proxy/Trusted Header) do not have any other common cipher than ECDHE-RSA-AES256-SHA384, upgrade the backend applications to include the ciphers from the following list.

• ECDHE-RSA-AES256-GCM-SHA384
• ECDHE-RSA-AES128-GCM-SHA256
• ECDHE-ECDSA-AES128-GCM-SHA256
• DHE-RSA-AES256-GCM-SHA384
• DHE-RSA-AES128-GCM-SHA256

If you are unable to upgrade the cipher ECDHE-RSA-AES256-SHA384 settings at client, configure the MEDIUM level and publish.