Symantec is committed to maintaining strong security in all of its products. In a continuing effort to improve product security, Symantec is updating many of the ciphers that are used by VIP as part of the August 2024 release.
Note: These changes affect the following services. No changes are made to any other services (such as VIP User Services):
• manager.vip.symantec.com
• ssp.vip.symantec.com
• login.vip.symantec.com
• my.vip.symantec.com
• oidc.vip.symantec.com
• oidc2.vip.symantec.com
• api-auth.vip.symantec.com
• goidservices-auth.vip.symantec.com
The following weak ciphers are removed with this release:
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
• TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_CCM
• TLS_RSA_WITH_AES_128_CCM_8
• TLS_RSA_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_AES_256_CCM
• TLS_RSA_WITH_AES_256_CCM_8
• TLS_RSA_WITH_ARIA_128_GCM_SHA256
• TLS_RSA_WITH_ARIA_256_GCM_SHA384
• TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
• TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
• TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
• TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
VIP continues to support the following ciphers:
• TLS_AES_128_GCM_SHA256
• TLS_AES_256_GCM_SHA384
• TLS_CHACHA20_POLY1305_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
• TLS_RSA_WITH_AES_256_GCM_SHA384 (goidservices-auth.vip.symantec.com only)
To avoid any issues, you should review your implementation for any of the ciphers that are removed in this release and replace them with a supported cipher.
The Symantec VIP Product Team