Skip to main content
Sign in

Updating Cipher Suites

  • Updated

Overview

We're enhancing our API security by deprecating outdated cipher suites. This article explains how to determine if your systems are affected and what steps to take if updates are needed.

Will This Affect My Integration?

Most modern systems will not be affected, as they automatically negotiate the most secure cipher available. However, older systems or custom configurations may require adjustments.

How to Check Your System

Check Your Current Cipher Support

Most systems use the default SSL/TLS implementation of your operating system (OpenSSL for Linux, Microsoft's security stack for Windows).

For Linux/Unix systems:

openssl ciphers -v

This command displays all supported cipher suites on your system.

Verify Which Cipher Is Being Used

To check which cipher is negotiated when connecting to our API:

openssl s_client -connect api.documo.com:443

In the output, look for a line similar to:

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

This shows the cipher being used in your connection.

Determine If Action Is Needed

If your connection is using any of the following deprecated ciphers, you'll need to update your configuration:

Authenticated Encryption (AEAD):

  • ECDHE-ECDSA/RSA with AES-128/256-GCM-SHA256/384
  • ECDHE-ECDSA/RSA with CHACHA20-POLY1305

Legacy Encryption:

  • ECDHE-ECDSA/RSA with AES-128/256-SHA/SHA256/SHA384
  • DHE-RSA with AES-128/256-SHA256
  • AES-128/256 with SHA/SHA256/384
  • DES-CBC3-SHA

Pro Tip: You can test against our sandbox environment at api.sandbox.documo.com, which has already implemented these cipher changes.

Updating Your Configuration

If you need to update your system, follow these steps based on your environment:

System-Level Changes

Modify your OpenSSL configuration file (typically at /etc/ssl/openssl.cnf).

For more information, consult:

Application-Level Changes

For curl applications:

curl -v --tlsv1.2 --ciphers <SECURE_CIPHER_SUITE> https://api.documo.com

curl -v --tlsv1.3 --ciphers <SECURE_CIPHER_SUITE> https://api.documo.com

For Python applications:

import ssl

print(ssl.OPENSSL_VERSION)

print(ssl.get_ciphers())

# Update your requests/urllib3 configuration as needed

For Java applications:

java -Djavax.net.debug=ssl -jar your_app.jar

# Modify your Java security settings as appropriate

Common Questions

When will these changes take effect?

This will take effect on August 26th, 2025.

Which cipher suites are recommended instead?

We recommend using modern cipher suites that support TLS 1.2 and TLS 1.3 protocols, particularly those that implement Perfect Forward Secrecy (PFS).

Will this affect performance?

No, modern cipher suites are optimized for performance and should not impact your application speed.

Need Additional Help?

If you're experiencing issues or have questions not covered in this article:

  1. Check that your system is using a current version of TLS (1.2 or 1.3)
  2. Verify that your application is using up-to-date libraries for API connections
  3. Contact our support team with details about your environment and any error messages you receive

 

Last Updated: 3/11/25

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles