Author: Ingolf Rauh

AIS: Adaptation of the TLS protocol

Company Swisscom will change its TLS protocols and will no longer support unsecure TLS protocol versions and cryptographic processes. The change will take place on Oct. 29th, 2020 at 10pm. The following will change:
  1. No longer support of TLS Version 1.0
  2. No longer support of TLS Version 1.1
  3. No longer support of following TLS-Version 1.2-Cryptography:
  • AES256-GCM-SHA384
  • AES256-SHA256
  • AES256-SHA
  • AES128-GCM-SHA256
  • AES128-SHA256
  • AES128-SHA
Please check your TLS connections to us! This is the new configuration with the remaining supported chiffres after the change:  
SUITE BITS PROT CIPHER MAC KEYX
ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 ECDHE_RSA
ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA
ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 AES SHA ECDHE_RSA
Der Vollständigkeit nach ist dies die  aktuelle Liste der Verschlüsselungssammlungen, die mit dem entsprechenden Protokoll aktiviert sind:  
SUITE BITS PROT CIPHER MAC KEYX
ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 ECDHE_RSA
ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 AES SHA ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 AES SHA ECDHE_RSA
AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 RSA
AES256-SHA256 256 TLS1.2 AES SHA256 RSA
AES256-SHA 256 TLS1 AES SHA RSA
AES256-SHA 256 TLS1.1 AES SHA RSA
AES256-SHA 256 TLS1.2 AES SHA RSA
AES256-SHA 256 DTLS1 AES SHA RSA
ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA
ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 AES SHA ECDHE_RSA
AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 RSA
AES128-SHA256 128 TLS1.2 AES SHA256 RSA
AES128-SHA 128 TLS1 AES SHA RSA
AES128-SHA 128 TLS1.1 AES SHA RSA
AES128-SHA 128 TLS1.2 AES SHA RSA
AES128-SHA 128 DTLS1 AES
    Thes suites will be removed:  
SUITE BITS PROT CIPHER MAC KEYX
ECDHE-RSA-AES256-CBC-SHA 256 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 AES SHA ECDHE_RSA
AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 RSA
AES256-SHA256 256 TLS1.2 AES SHA256 RSA
AES256-SHA 256 TLS1 AES SHA RSA
AES256-SHA 256 TLS1.1 AES SHA RSA
AES256-SHA 256 TLS1.2 AES SHA RSA
AES256-SHA 256 DTLS1 AES SHA RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1 AES SHA ECDHE_RSA
ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 AES SHA ECDHE_RSA
AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 RSA
AES128-SHA256 128 TLS1.2 AES SHA256 RSA
AES128-SHA 128 TLS1 AES SHA RSA
AES128-SHA 128 TLS1.1 AES SHA RSA
AES128-SHA 128 TLS1.2 AES SHA RSA
AES128-SHA 128 DTLS1 AES