Beginning on March 22, 2021, Alert Logic will only accept network communications secured with TLS 1.2 or later. This article describes the change and why we are making it.
What is changing?
As a result of this change, communications with the Alert Logic console and public APIs (i.e., connections between your web browser and the Alert Logic console, or between your software and Alert Logic public APIs) must be protected by TLS 1.2 or newer. Any communications using TLS 1.0 or TLS 1.1 will be rejected. Communication with Alert Logic has already required TLS 1.2 in many cases, and this change updates the standard policy for all endpoints and login pages. Additionally, one TLS encryption cipher, RSA_WITH_3DES-CBC3-SHA, will be retired.
Why is this change being made?
TLS versions prior to 1.2 suffer from known security issues. While we continue to support earlier versions of TLS, our customers are at higher risk of TLS downgrade attacks, which can force the use of these protocols in some circumstances.
Who is affected?
All customers logging in to the Alert Logic console or using Alert Logic public APIs will be affected by this change. However, modern web browsers and communications libraries widely support TLS 1.2, and in that case the change will be transparent. Alert Logic agents and appliances do not need to be updated as a result of this change.
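To check whether your own client software is affected, the following added example (not Alert Logic code) captures, entirely in memory, the ClientHello a Python `ssl` client would send and confirms that it offers only TLS 1.2 or later and omits the RSA 3DES suite. The hostname is a placeholder, and mapping the retired cipher to IANA code point 0x000A (TLS_RSA_WITH_3DES_EDE_CBC_SHA) is an assumption.

```python
import ssl
import struct

TLS12 = 0x0303      # wire value for TLS 1.2
RSA_3DES = 0x000A   # assumed match: IANA TLS_RSA_WITH_3DES_EDE_CBC_SHA

def hardened_context():
    """Client context matching the policy: TLS 1.2 floor, no 3DES suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("DEFAULT:!3DES")
    return ctx

def client_hello(ctx):
    """Return the ClientHello record ctx would send, without any network I/O."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # Placeholder hostname; nothing is resolved or contacted.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="console.example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for a ServerHello
    return outgoing.read()

def offered(record):
    """Parse a ClientHello record into (protocol versions, cipher suite ids)."""
    body = record[9:]                     # skip 5-byte record + 4-byte handshake header
    versions = [struct.unpack_from("!H", body, 0)[0]]   # legacy_version
    pos = 34                              # past version (2) and random (32)
    pos += 1 + body[pos]                  # session id
    n = struct.unpack_from("!H", body, pos)[0]
    suites = list(struct.unpack_from(f"!{n // 2}H", body, pos + 2))
    pos += 2 + n
    pos += 1 + body[pos]                  # compression methods
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos < end:                      # walk the extensions
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        if ext_type == 0x002B:            # supported_versions overrides legacy_version
            k = body[pos + 4] // 2
            versions = list(struct.unpack_from(f"!{k}H", body, pos + 5))
        pos += 4 + ext_len
    return versions, suites

def meets_policy(ctx):
    """True if ctx offers only TLS 1.2+ and does not offer the RSA 3DES suite."""
    versions, suites = offered(client_hello(ctx))
    return min(versions) >= TLS12 and RSA_3DES not in suites

if __name__ == "__main__":
    print("hardened context meets policy:", meets_policy(hardened_context()))
```

Passing your application's own `SSLContext` to `meets_policy` shows what that client really puts on the wire, which can differ from what its configuration suggests.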
For more information, open a ticket with Alert Logic Support or see the following resources:
- SSL Labs Grade Change for TLS 1.0 and TLS 1.1 Protocols, Qualys
- Document Library with TLS search results, PCI Security Standards Council
- Apple, Google, Microsoft, and Mozilla come together to end TLS 1.0, Ars Technica