We’re making some changes to our SSL configuration that you need to be
aware of, to ensure there’s no disruption to yourself or your end-users.
What is changing?
We’re adjusting the way our server negotiates encryption keys when
establishing a secure (TLS) connection with your client(s).
The prime number (often called dh_param) that is used for Diff-Helleman
(DH) key exchange is being increased from 1024 bits to 2048 bits in line
with security best practices.
Please see the FreeAgent engineering blog
for further information on why we are making this change.
Please note that we are not vulnerable to the “logjam” attack server side
as we do not support export grade ciphers.
When will it happen?
The change will occur on the morning of Monday 22 February 2016.
What should I do ?
Please make sure that your application stack can support one of the
ciphersuites listed under Mozilla’s Intermediate Compatibility list
We’ve already rolled out this change to our sandbox environment. You should
check that your application can negotiate a TLS connection to:*
My application does not work!
All modern client platforms should be compatible with the supported
Please read our blog post
for more details, especially if you are using a Java based stack.
Wait, I have some questions?
Feel free to post your questions in the thread below, we’ll be happy to