Knowledge Base

Description

On October 8, 2022, at 22:00 MDT (October 9, 2022, at 04:00 UTC), DigiCert will end support for Cipher-Block-Chaining (CBC) ciphers in TLS connections to our services to align with Payment card industry (PCI) standards. This change affects browser-dependent services and applications relying on the following CBC ciphers:

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_RSA_WITH_AES_256_CBC_SHA

This change doesn’t affect DigiCert-brand certificates. Your certificates will continue to work as they always have.

Affected URLs and services

What do I need to do?

Browser support

If you are using a modern browser, no action is required. Most browsers support strong ciphers, such as Galois/Counter Mode (GCM) ciphers, including Mozilla Firefox, Google Chrome, Safari, and Microsoft Edge. We recommend updating your browser to its most current version.

Applications and API integrations support

If applications or API integrations are affected by this change, enable stronger ciphers, such as GCM ciphers, in those applications and update API integrations before October 8, 2022.

If you do not update API integrations and applications, they will not be able to use HTTPS to communicate with CertCentral, the CertCentral Services API, CIS, and SCEP.

Have questions, need help?

Contact DigiCert Support.