Weak Cipher, TLS 1.0, and TLS 1.1 Deprecation with Duo MFA
TLS 1.0 and 1.1 were deprecated in Mar 2021 with IETF RFC 8996. Today, the baseline TLS version used by most enterprises and businesses is 1.2. Many organizations, particularly those in highly regulated verticals and government agencies, also have to meet their respective compliance requirements. These requirements – like HIPAA, PCI-DSS, etc. – mandate the use of TLS 1.2 as a minimum version to meet the latest security standards. The consequences of not meeting compliance requirements could be huge, ranging from hefty fines to significant legal consequences.
There are also real security risks of using TLS 1.0 or 1.1 in any IT infrastructure or solutions. Well-known attacks like BEAST (Browser Exploit Against SSL/TLS), POODLE (Padding Oracle On Downgraded Legacy Encryption), etc. target insecure TLS versions, increasing organizational risks in exposing both their own and their users’ valuable data, potentially incurring major financial penalties and legal liabilities. The ever-evolving hacker landscape also means new cyberattacks will continue to emerge for any businesses that are not moving forward with secure technologies like TLS 1.2 or 1.3.
What is the impact?
TLS 1.0 and 1.1 and generally weak ciphers will no longer be supported by June 30, 2023 for all existing and new Duo customers.
This can affect connection requests from:
Duo Windows applications
Duo Unix on a Unix/Linux system with OpenSSL version 1.0.0 or earlier
Duo SDKs used by custom applications
Third-party SDKs that connect to Duo APIs
Duo LDAPS application for SSL VPN
Duo Mobile still in use on older versions of Android
Duo's supported cipher suite will change on June 30, 2023.
The cipher suite will change from:
| OpenSSL cipher name | RFC cipher name | Deprecation date |
|---|---|---|
|
DES-CBC3-SHA |
TLS_RSA_WITH_3DES_EDE_CBC_SHA |
Will be deprecated June 30,2023 |
|
AES256-SHA |
TLS_RSA_WITH_AES_256_CBC_SHA |
Will be deprecated June 30,2023 |
|
AES256-SHA256 |
TLS_RSA_WITH_AES_256_CBC_SHA256 |
Will be deprecated June 30,2023 |
|
AES128-SHA |
TLS_RSA_WITH_AES_128_CBC_SHA |
Will be deprecated June 30,2023 |
|
AES128-SHA256 |
TLS_RSA_WITH_AES_128_CBC_SHA256 |
Will be deprecated June 30,2023 |
|
AES128-GCM-SHA256 |
TLS_RSA_WITH_AES_128_GCM_SHA256 |
Will be deprecated June 30,2023 |
|
AES256-GCM-SHA384 |
TLS_RSA_WITH_AES_256_GCM_SHA384 |
Will be deprecated June 30,2023 |
|
ECDHE-RSA-DES-CBC3-SHA |
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
Will be deprecated June 30,2023 |
|
ECDHE-ECDSA-AES128-GCM-SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
|
|
ECDHE-RSA-AES128-GCM-SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
|
|
ECDHE-ECDSA-AES256-GCM-SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
|
|
ECDHE-RSA-AES256-GCM-SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
|
|
ECDHE-ECDSA-AES128-SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
|
|
ECDHE-RSA-AES128-SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
|
|
ECDHE-ECDSA-AES128-SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
|
|
ECDHE-RSA-AES256-SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
|
|
ECDHE-RSA-AES128-SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
|
|
ECDHE-ECDSA-AES256-SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
|
|
ECDHE-ECDSA-AES256-SHA |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
|
|
ECDHE-RSA-AES256-SHA |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
Beginning June 30, 2023, supported cipher suites will change to the following:
| OpenSSL cipher name | RFC cipher name |
|---|---|
|
ECDHE-ECDSA-AES128-GCM-SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
|
ECDHE-RSA-AES128-GCM-SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
|
ECDHE-ECDSA-AES256-GCM-SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
|
ECDHE-RSA-AES256-GCM-SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
|
ECDHE-ECDSA-AES128-SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
|
ECDHE-RSA-AES128-SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
|
ECDHE-ECDSA-AES128-SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
|
ECDHE-RSA-AES256-SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
|
ECDHE-RSA-AES128-SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
|
ECDHE-ECDSA-AES256-SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
|
ECDHE-ECDSA-AES256-SHA |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
|
ECDHE-RSA-AES256-SHA |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
Note: There are some operating systems that only support specific ciphers that may be considered weak by industry standards. We are planning to deprecate them in the future when this OS dependency is no longer an issue.
Australia region cipher suites will remain unchanged on June 30, 2023, and will continue to support only the following ciphers:
| OpenSSL cipher name | RFC cipher name |
|---|---|
|
ECDHE-ECDSA-AES128-GCM-SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
|
ECDHE-RSA-AES128-GCM-SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
|
ECDHE-ECDSA-AES256-GCM-SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
|
ECDHE-RSA-AES256-GCM-SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
|
ECDHE-RSA-AES128-SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
|
ECDHE-RSA-AES128-SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
What action do you need to take?
Please follow our guide to updating Duo for TLS version 1.2 and plan for the migration as soon as possible, as otherwise it may cause service disruption on June 30, 2023.
We understand that there will be situations when legacy systems may not be able to upgrade to higher TLS versions in the near future. We want to ensure that we’re preventing service disruption for customers that have legacy systems in place. In order to make this possible, we are providing a feedback form for customers in this situation and we will work with you to ensure that there will be a viable solution moving forward.