Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

What are the Ciphers are being used in the Server and Client end?

Bulusu Venkatesh July 7, 2021

Please give me a confirmation on the Ciphers Suite used in the Server and Client end for encrypting the data during its transfer from Client end to the Server end?

1 answer

1 vote
Robert
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 8, 2021

Hi @Bulusu Venkatesh !

 

Assuming you are asking about api.statuspage.io here. Our developer documentation does not explicitly list the supported ciphers; however, you can use a resource like SSL Labs to create a report of the supported ciphers and TLS versions:

https://www.ssllabs.com/ssltest/analyze.html?d=api.statuspage.io

 

Hope this helps!

Robert

Bulusu Venkatesh July 12, 2021

Hi Robert,

Thanks for your answer.

i would also want to know what cipher suites need to be used and what's listed/used currently?

Please Verify:-

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - not listed

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - not listed

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - listed

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - listed

Robert
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 13, 2021

Hi @Bulusu Venkatesh 

The ones not listed are not supported.

Bulusu Venkatesh July 14, 2021

Hi Robert,

Thanks for your answer.

I would also like to know if the client requires some Ciphers that are not listed. will you able to provide it to them?

Robert
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 14, 2021

Hi @Bulusu Venkatesh!

 

Is your client getting an error when trying to reach the API? I would expect that list to include all the supported ciphers. 

Bulusu Venkatesh July 14, 2021

Hi Robert,

Thanks for your answer.

Can you please confirm the cipher suites that are not listed, can they be also supported if a client requires it?

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - not listed

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - not listed

Bulusu Venkatesh July 21, 2021

Hi Robert,

can you please confirm me that the cipher suite provided below is weak, if required statuspage.io can remove it for me from their support?

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   WEAK

Robert
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 21, 2021

Hi @Bulusu Venkatesh !

 

That cipher is likely included so Statuspages still render on some older devices/browsers. However, it won't be used as long as the client supports any of the others listed (it's last on the server-preferred order). 

While a cipher may be labeled as weak in that test, that does not necessarily mean it's insecure.

 

Unfortunately, at this time, we do not have a method to selectively disable or enable specific ciphers for a page. However, our team is always reviewing these connection requirements to ensure they align with current best practices and industry standards thumbs-up

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events