Disabling of weak TLS cipher suites

Scheduled Maintenance Report for Mambu

Completed

The scheduled maintenance has been completed.

Posted May 22, 2023 - 06:00 UTC

In progress

Scheduled maintenance is currently in progress. We will provide updates as necessary.

Posted May 22, 2023 - 05:01 UTC

Scheduled

What change is Mambu implementing?
In order to provide a secure communication channel for Mambu services, and support high security standards, we are announcing the intention to make scheduled updates of our infrastructure to enable forward secrecy Transport Layer Security (TLS) cipher suites, and disable less secure TLS cipher suites.

What is required from you ?
Please ensure that the browser clients and applications communicating with Mambu services support at least one of the below TLS ciphers to ensure that the TLS handshake is successful. Main browsers on recent versions support below cipher suites. Applications that integrate with a Mambu service via APIs will need to be checked by you separately, for example by validating the configuration in a client application.

Currently supported TLS 1.2 ciphers:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
AES128-GCM-SHA256
AES128-SHA256
AES256-GCM-SHA384
AES256-SHA256

Future supported TLS 1.2 ciphers:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384

Disabled TLS 1.2 ciphers:
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
AES128-GCM-SHA256
AES128-SHA256
AES256-GCM-SHA384
AES256-SHA256

When is Mambu planning to make the change?
The change will come into effect on 22 of May 2023 05:00 UTC.

We are not expecting any downtime for this change.

Posted May 12, 2023 - 00:56 UTC

This scheduled maintenance affected: Mambu Production 2 (N. Virginia, USA).