Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

What are the Ciphers are being used in the Server and Client end?

Bulusu Venkatesh
Bulusu Venkatesh July 7, 2021

Please give me a confirmation on the Ciphers Suite used in the Server and Client end for encrypting the data during its transfer from Client end to the Server end?

Answer
Watch
Like Be the first to like this
356 views

1 answer

1 vote
Robert
Robert
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 8, 2021

Hi @Bulusu Venkatesh !

 

Assuming you are asking about api.statuspage.io here. Our developer documentation does not explicitly list the supported ciphers; however, you can use a resource like SSL Labs to create a report of the supported ciphers and TLS versions:

https://www.ssllabs.com/ssltest/analyze.html?d=api.statuspage.io

 

Hope this helps!

Robert

View More Comments
Bulusu Venkatesh
Bulusu Venkatesh July 12, 2021

Hi Robert,

Thanks for your answer.

i would also want to know what cipher suites need to be used and what's listed/used currently?

Please Verify:-

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - not listed

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - not listed

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - listed

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - listed

Like
Robert
Robert
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 13, 2021

Hi @Bulusu Venkatesh 

The ones not listed are not supported.

Like
Bulusu Venkatesh
Bulusu Venkatesh July 14, 2021

Hi Robert,

Thanks for your answer.

I would also like to know if the client requires some Ciphers that are not listed. will you able to provide it to them?

Like
Robert
Robert
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 14, 2021

Hi @Bulusu Venkatesh!

 

Is your client getting an error when trying to reach the API? I would expect that list to include all the supported ciphers. 

Like
Bulusu Venkatesh
Bulusu Venkatesh July 14, 2021

Hi Robert,

Thanks for your answer.

Can you please confirm the cipher suites that are not listed, can they be also supported if a client requires it?

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - not listed

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - not listed

Like
Bulusu Venkatesh
Bulusu Venkatesh July 21, 2021

Hi Robert,

can you please confirm me that the cipher suite provided below is weak, if required statuspage.io can remove it for me from their support?

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   WEAK

Like
Robert
Robert
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 21, 2021

Hi @Bulusu Venkatesh !

 

That cipher is likely included so Statuspages still render on some older devices/browsers. However, it won't be used as long as the client supports any of the others listed (it's last on the server-preferred order). 

While a cipher may be labeled as weak in that test, that does not necessarily mean it's insecure.

 

Unfortunately, at this time, we do not have a method to selectively disable or enable specific ciphers for a page. However, our team is always reviewing these connection requirements to ensure they align with current best practices and industry standards thumbs-up

Like
Reply

Suggest an answer

Log in or Sign up to answer
Statuspage
Statuspage
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events