End of TLS 1.1 and legacy cipher support

Following industry best practices, DocuSign is scheduling the removal of weak ciphers in 2021 and the end of TLS 1.1 support.

The PCI Security Standards Council has mandated that companies that wish to remain PCI Data Security Standard (PCI DSS) compliant must have transitioned to TLS 1.2 by June of 2021.

TLS 1.1 and some legacy cipher suites are utilized by a small set of customers to support legacy integrations that utilize SOAP or REST APIs. These integrations will need to be updated to support secure, modern protocols and ciphers. This update is often as easy as recompiling the solution with updated libraries.

In addition to retiring the TLS 1.1 protocol, DocuSign will also remove a set of cipher suites which are no longer considered secure. This includes ciphers that have an insufficient key length to securely encrypt communications.

The ciphers to be retired include the following:
 

Phase 1: Q2 2021 (Complete)

  • RSA-AES-256-CBC-SHA256 (Inbound)
  • RSA-AES256-CBC-SHA-384 (Inbound)
  • RSA-CAMELLA-256-CBC-SHA (Inbound)
  • RSA-CAMELLA-128-CBC-SHA (Inbound)


Phase 2:  2H 2021

  • DES-CBC3-SHA (Inbound)

All current internet browsers supported by DocuSign already default to newer versions of TLS, so this change will go unnoticed by web and mobile users. TLS 1.1 support was removed from docusign.com entry points earlier this year. 

Key Dates:

Ciphers:

August 9, 2021: Remaining cipher legacy deprecation occurs on Demo
Target: October 11 2021: Remaining cipher legacy deprecation occurs on Production

TLS 1.1: Inbound 

April 13, 2021: TLS 1.1 deprecation in the stage and demo environments.
May 9, 2021: TLS 1.1 deprecation in production environments: NA1/NA2/NA3/NA4.
Target: July 13, 2021:  TLS 1.1 deprecation in production environments EU/CA/AU.

TLS 1.0: Outbound

June 23 2021: TLS 1.0 deprecation in the stage and demo environments.
Target: October 31, 2021: TLS 1.0 deprecation in the production environment.


Read our Preparing for TLS 1.1 removal blog post for advice on how to implement these changes in your integrations.
 

Please contact DocuSign support with any additional questions.