Notice of updates to TLS Protocol and Cipher Suites

As part of Nominet’s ongoing commitment to strengthening our security measures, we are updating our supported TLS protocols and cipher suites. Please note specific actions your technical teams may need to take to support this change.

Nominet will be updating the TLS and cipher suites to support only the following: 

• TLS1.3
  • TLS13-AES128-GCM-SHA256 
  • TLS13-AES256-GCM-SHA384 
  • TLS13-CHACHA20-POLY1305-SHA256 
• TLS1.2
  • ECDHE-RSA-AES256-GCM-SHA384 
  • ECDHE-RSA-AES128-GCM-SHA256 
  • ECDHE-RSA-CHACHA20-POLY1305-SHA256 

The following cipher suites will be removed: 

• TLS1.2
  • ECDHE-RSA-AES256-SHA384 
  • ECDHE-RSA-AES128-SHA256 

Details and timings:

• Date: Wednesday 23rd July 
  • All EPP testbed environments for all registries. 
  • Domain Health API (domainhealth-api.nominet.uk) 
  • List API (listapi.nominet.org.uk) 
  • RDAP
• Date: Thursday 23rd October
  • EPP production environments for all registries.
  • EPP OT&E environments for all registries. 
    

Customer Action Required:

• Ideally, use TLS1.3 to connect to our services, but at minimum, check your clients are compatible with the remaining cipher suites in either TLS1.2 or TLS1.3.
• Test connectivity in the EPP testbed after the July update as listed above to verify compatibility and identify issues before the October production rollout.

If you have any questions please contact our customer support team via +44 (0)330 236 9480 or via [email protected].

Share this: