We use cookies to improve your experience. Please read our cookies policy here.

×

1st March 2022 – Changes to .UK Ciphers

CHANGE REQUIRED NOW

Notification of the removal of weak cipher suites from .UK EPP on 2022-03-01.

As first notified on 2021-09-07 we are taking steps to remove weak cipher suites from .UK EPP. We have taken the decision to bring this work forward to 2022-03-01 (previously planned for 2022-03-08).

The vast majority of registrars have updated their cipher suites and are now connecting securely with only a small number of registrars continuing to connect with weak ciphers that put their connections at an elevated security risk.

We cannot, from connection data alone, determine if registrars using the ciphers to be removed can use the remaining ciphers.

As of 2022-03-01 the only ciphers that will be accepted on:

  • .UK production environment (epp.nominet.org.uk:700);
  • .UK OTE environment (ote-epp.nominet.org.uk:700);
  • .UK testbed environment (testbed-epp.nominet.org.uk:700) – this can be used now for testing.

will be:

  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES128-SHA25

Additionally, the following APIs will only accept TLS1.2 connections from 2022-03-01:

  • Domain Health API
  • List API

We apologise for the short notice but this is a necessary change to support the security of the .UK registry and infrastructure.

If you have any questions, please contact our customer services team on +44 1865 332233 or via [email protected].

Share this:

Minerva House, Edmund Halley Road, Oxford Science Park, OX4 4DQ, United Kingdom