VIP (Validation ID Protection)

 View Only

Removal of weak ciphers in VIP services as part of August 2024 release

  • 1.  Removal of weak ciphers in VIP services as part of August 2024 release

    Broadcom Employee
    Posted Aug 05, 2024 01:31 PM

    Symantec is committed to maintaining strong security in all of its products. In a continuing effort to improve product security, Symantec is updating many of the ciphers that are used by VIP as part of the August 2024 release.

     

    Note: These changes affect the following services. No changes are made to any other services (such as VIP User Services):

    • manager.vip.symantec.com

    • ssp.vip.symantec.com

    • login.vip.symantec.com

    • my.vip.symantec.com

    • oidc.vip.symantec.com

    • oidc2.vip.symantec.com

    • api-auth.vip.symantec.com

    • goidservices-auth.vip.symantec.com

     

    The following weak ciphers are removed with this release:

    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

    • TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256

    • TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384

    • TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

    • TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384

    • TLS_RSA_WITH_AES_128_CBC_SHA

    • TLS_RSA_WITH_AES_128_CBC_SHA256

    • TLS_RSA_WITH_AES_128_CCM

    • TLS_RSA_WITH_AES_128_CCM_8

    • TLS_RSA_WITH_AES_128_GCM_SHA256

    • TLS_RSA_WITH_AES_256_CBC_SHA

    • TLS_RSA_WITH_AES_256_CBC_SHA256

    • TLS_RSA_WITH_AES_256_CCM

    • TLS_RSA_WITH_AES_256_CCM_8

    • TLS_RSA_WITH_ARIA_128_GCM_SHA256

    • TLS_RSA_WITH_ARIA_256_GCM_SHA384

    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256

    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256

     

    VIP continues to support the following ciphers:

    • TLS_AES_128_GCM_SHA256

    • TLS_AES_256_GCM_SHA384

    • TLS_CHACHA20_POLY1305_SHA256

    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

    • TLS_RSA_WITH_AES_256_GCM_SHA384 (goidservices-auth.vip.symantec.com only)

     

    To avoid any issues, you should review your implementation for any of the ciphers that are removed in this release and replace them with a supported cipher.

    The Symantec VIP Product Team