Important: Security update within Catalog; action required!

KataKeri
Instructure
Instructure
0
828

Canvas.png

UPDATE (May 8th, 2024)

This came out of a recent penetration test from our Security Team. This is not a security breach or such, this is a prevention - impact occurs if they are using outdated certificates. Since we won't accept the outdated certificates after June 3rd, it can break integrations - to prevent this we want to make sure Catalog users have enough time to test this in beta.

If you are using our Catalog public API with a 3rd party tool, please check the certificates/configuration between the two services (your 3rd party tool and Catalog API).

---

May 7th, 2024

Occasionally, unauthorised individuals may try to decode Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic between your server and our servers. This happens when weaker encryption methods are used during secure communication (SSL/TLS). To enhance the security of your Catalog instance, it's advisable to only permit the use of robust encryption methods on your web server.

After the fix is released to production (June 3rd, 2024), Catalog will no longer accept the following ciphers:

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)

TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D)

TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C)

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D

Your security is important to us. 

Please verify that the SSL/TLS certificates used in your server-server communication (for example, using Catalog API) are up to date. Use the TLS 1.3 certificate that was released and standardised in 2018.

For more details, please review the API and CI Change Log.

This change is now available in Catalog beta.