SnapLogic provides a suite of protocols and ciphers that focus on security while allowing for reasonable compatibility. Our servers negotiate to the most secure combination the client can support. Clients that are able to support TLS v1.2 connect with the related protocol. Similarly, the most secure cipher that can be negotiated with the client is used.
The following ciphers apply only for public API calls to the SnapLogic control plane, for control plane triggered API calls, and Cloudplex trigger against SnapLogic managed load balancers. The ciphers are not used for Groundplex triggered Pipelines or customer managed load balancer ciphers that are used for Groundplex instances.
TLS 1.2 Cipher Suite | OpenSSL Cipher Suite |
---|---|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE-ECDSA-AES128-GCM-SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE-ECDSA-AES128-SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE-ECDSA-AES256-GCM-SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE-ECDSA-AES256-SHA384 |
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 | ECDH-ECDSA-AES128-GCM-SHA256 |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ECDH-ECDSA-AES128-SHA |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | ECDH-ECDSA-AES128-SHA256 |
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 | ECDH-ECDSA-AES256-GCM-SHA384 |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ECDH-ECDSA-AES256-SHA |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | ECDH-ECDSA-AES256-SHA384 |
TLS_DH_anon_WITH_AES_128_GCM_SHA256 | ADH-AES128-GCM-SHA256 |
TLS_DH_anon_WITH_AES_128_CBC_SHA | ADH-AES128-SHA |
TLS_DH_anon_WITH_AES_256_GCM_SHA384 | ADH-AES256-GCM-SHA384 |
TLS_DH_anon_WITH_AES_256_CBC_SHA | ADH-AES256-SHA |
TLS_DH_anon_WITH_DES_CBC_SHA | ADH-DES-CBC-SHA |
As we continue enhancing our security protocols, starting from , we will cease support for the following ciphers on the SnapLogic Platform. Hence, we recommend you to remove these ciphers from your clients. Else, API calls to the control plane and your Cloudplex instances will likely fail.
TLS 1.2 Cipher Suite | OpenSSL Cipher Suite |
---|---|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE-RSA-AES128-SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE-RSA-AES256-GCM-SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE-RSA-AES256-SHA384 |
TTLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-CBC-SHA |
If your SnapLogic instance displays SSL/TLS related error messages after August 14th, then you might want to confirm if any of your clients are using the above unsupported ciphers.