Hi Developers,
We’re making some changes to our SSL configuration that you need to be
aware of, to ensure there’s no disruption to yourself or your end-users.
What is changing?
We’re adjusting the way our server negotiates encryption keys when
establishing a secure (TLS) connection with your client(s).
The prime number (often called dh_param) that is used for Diffie-Hellman
(DH) key exchange is being increased from 1024 bits to 2048 bits in line
with security best practices.
Please see the FreeAgent engineering blog
http://s485235934.t.en25.com/e/er?s=485235934&lid=1332&elq=99e5598a31c04ec580447b100f4f1aa2&elqaid=1547&elqat=1&elqTrackId=5147b05598f8412f9d7e3f688cb39f43
for further information on why we are making this change.
Please note that we are not vulnerable to the “logjam” attack server side
as we do not support export grade ciphers.
When will it happen?
The change will occur on the morning of Monday 22 February 2016.
What should I do?
Please make sure that your application stack can support one of the
ciphersuites listed under Mozilla’s Intermediate Compatibility list:
http://s485235934.t.en25.com/e/er?s=485235934&lid=1333&elq=99e5598a31c04ec580447b100f4f1aa2&elqaid=1547&elqat=1&elqTrackId=9779605c968740eba4b2a4b418a5bccb
We’ve already rolled out this change to our sandbox environment. You should
check that your application can negotiate a TLS connection to:
https://api.sandbox.freeagent.com
My application does not work!
All modern client platforms should be compatible with the supported
ciphersuites.
Please read our blog post
http://s485235934.t.en25.com/e/er?s=485235934&lid=1332&elq=99e5598a31c04ec580447b100f4f1aa2&elqaid=1547&elqat=1&elqTrackId=96958346d752490f9097749ee673509e
for more details, especially if you are using a Java based stack.
Wait, I have some questions?
Feel free to post your questions in the thread below, we’ll be happy to
help.
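
One way to run the sandbox check described above from a Python client, as an added example that is not part of the original announcement or FreeAgent's own code. It reports the negotiated suite and classifies the key exchange, because only finite-field DHE suites use the server's dh_param; the function names and the dhe_only switch are assumptions made for this sketch.

```python
import socket
import ssl

SANDBOX_HOST = "api.sandbox.freeagent.com"  # host named in the announcement


def key_exchange(cipher_name, protocol):
    """Classify the key exchange from an OpenSSL cipher name and TLS version."""
    if protocol == "TLSv1.3":
        return "named-group"  # TLS 1.3 only uses standardised groups, no custom prime
    if cipher_name.startswith("ECDHE-"):
        return "ECDHE"  # elliptic-curve exchange, dh_param is not involved
    if cipher_name.startswith(("DHE-", "EDH-")):
        return "DHE"  # the case where the client must accept the server's prime
    return "non-ephemeral"


def probe(host, port=443, dhe_only=False, timeout=10):
    """Attempt a verified TLS handshake and describe what was negotiated."""
    try:
        ctx = ssl.create_default_context()
        if dhe_only:
            # Offer only finite-field DHE suites (TLS 1.2 at most) so that a
            # successful handshake proves the client accepts the server's prime.
            ctx.maximum_version = ssl.TLSVersion.TLSv1_2
            ctx.set_ciphers("DHE")
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name = tls.cipher()[0]
                protocol = tls.version()
    except OSError as exc:  # ssl.SSLError and socket timeouts are OSError subclasses
        return {"ok": False, "error": str(exc)}
    return {"ok": True, "protocol": protocol, "cipher": name,
            "key_exchange": key_exchange(name, protocol)}


def report(label, result):
    """Format one probe result as a single line."""
    if not result["ok"]:
        return f"{label}: handshake failed ({result['error']})"
    return (f"{label}: {result['protocol']} {result['cipher']} "
            f"[{result['key_exchange']}]")


if __name__ == "__main__":
    print(report("default offer", probe(SANDBOX_HOST)))
    print(report("DHE only", probe(SANDBOX_HOST, dhe_only=True)))
```

A failure on the "DHE only" line alongside a success on the default line means the client only connects through a non-DHE suite; whether that matters depends on which suites your production stack actually offers.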