Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

What are the Ciphers are being used in the Server and Client end?

Please give me a confirmation on the Ciphers Suite used in the Server and Client end for encrypting the data during its transfer from Client end to the Server end?

1 answer

0 votes
Robert Atlassian Team Jul 08, 2021

Hi @Bulusu Venkatesh !

 

Assuming you are asking about api.statuspage.io here. Our developer documentation does not explicitly list the supported ciphers; however, you can use a resource like SSL Labs to create a report of the supported ciphers and TLS versions:

https://www.ssllabs.com/ssltest/analyze.html?d=api.statuspage.io

 

Hope this helps!

Robert

Hi Robert,

Thanks for your answer.

i would also want to know what cipher suites need to be used and what's listed/used currently?

Please Verify:-

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - not listed

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - not listed

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - listed

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - listed

Robert Atlassian Team Jul 13, 2021

Hi @Bulusu Venkatesh 

The ones not listed are not supported.

Hi Robert,

Thanks for your answer.

I would also like to know if the client requires some Ciphers that are not listed. will you able to provide it to them?

Robert Atlassian Team Jul 14, 2021

Hi @Bulusu Venkatesh!

 

Is your client getting an error when trying to reach the API? I would expect that list to include all the supported ciphers. 

Hi Robert,

Thanks for your answer.

Can you please confirm the cipher suites that are not listed, can they be also supported if a client requires it?

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - not listed

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - not listed

Hi Robert,

can you please confirm me that the cipher suite provided below is weak, if required statuspage.io can remove it for me from their support?

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   WEAK

Robert Atlassian Team Jul 21, 2021

Hi @Bulusu Venkatesh !

 

That cipher is likely included so Statuspages still render on some older devices/browsers. However, it won't be used as long as the client supports any of the others listed (it's last on the server-preferred order). 

While a cipher may be labeled as weak in that test, that does not necessarily mean it's insecure.

 

Unfortunately, at this time, we do not have a method to selectively disable or enable specific ciphers for a page. However, our team is always reviewing these connection requirements to ensure they align with current best practices and industry standards thumbs-up

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin
TAGS
Community showcase
Published in Statuspage

New feature: Slack notifications for Statuspage

We're excited to announce the release of a long-requested feature on Statuspage. Now visitors to your status page can subscribe to get notified in Slack when you report an incident or maintenance. Th...

1,653 views 4 16
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you