As part of our continuous effort to align with industry best practices and data integrity, we are implementing changes to our network security standards, specifically related to HTTPS services. On November 1, 2017, we will implement these changes in an effort to maintain the highest security standards and promote the safety of customer data.
To ensure you do not experience any service disruption, we ask that you review the information below and ensure that your system will support the planned changes. After these changes, any web browser or system interface that is not able to support these changes will not be able to access our HTTPS based services.
What is Changing?
- Encryption Protocol. We will disable support for any transport encryption protocol below TLS 1.2. Please see the FAQ section for more information on TLS.
- Cipher Suites. We will disable support for all medium and low level ciphers, as we will support high ciphers only.
Which Services Will Be Affected by These Changes?
All of our services that are available over HTTPS will be included in this change.
- Web Browser Based Services. Any of our sites that you access through a web browser will be included with this change. If you are unsure of the specific sites that you access that are affected, please contact your client manager for a list.
- System-to-System Integrations. Any of our services that are accessed from your system over HTTPS will be included with this change. This would include API calls, SSO integrations, and EDI integrations. If you are unsure of the specific sites that your system accesses for system-to-system integrations over HTTPS, please contact your client manager for a list.
How Can I Make Sure I Am Ready?
Most modern web browser versions since 2014 will be able to support these changes by default. However, to check whether you are using an older browser that will not be compatible with these changes, please see below.
- Browser Compatibility Test: You can visit SSL Labs to check the current capabilities of your browser. If you see the message “Your user agent has good protocol support” under the Protocol Support section, then good news! Your browser is already capable of supporting the changes we will be making. If you do not receive this message, then you may need to contact your IT department about updating your browser settings. Refer to the FAQ section for a list of compatible browsers.
- Test Environments: As an alternative to the SSL Labs site mentioned above, we invite you to visit any of our non-production sites after Monday, September 25, 2017, and verify that you are able to access them as you normally do. If you are unfamiliar with the non-production sites that are available to you, then please contact your client manager. If you are unable to access the site, then you may need to contact your IT department about updating your browser settings. Refer to the FAQ section for a list of compatible browsers.
System-to-System Integrations Compatibility
- Test Environments: We will be applying the same changes to our non-production test environments on Monday, September 25, 2017. You will be able to test your system integration against our non-production site after this change to verify that you are able to access them as you normally do. If you are unfamiliar with the non-production sites that are available to you, then please contact your client manager.
What If I Won’t Be Ready?
If your organization will not be able to support these changes by November 1, 2017, then please have your Security Officer submit a request to firstname.lastname@example.org to arrange a discussion with our security team.
What Else Should I Know?
Additional Information About Covisint Network Security
In addition to the planned changes that are described above, please be aware that we use SHA-256 as the standard cryptographic hash algorithm level for all certificates that are used for network encryption. Additionally, Covisint supports Perfect Forward Secrecy using 2048 bit keys.