Removal of Weak Ciphers from TLS 1.2 July 17, 2024 13:31 Updated Index: What will be the impact of this change? Which part of the platform will undergo changes? How to validate your integration? In this article, you will learn a little more about the removal of weak ciphers from TLS 1.2. This action reflects Blip's commitment to continuous improvement of information security. With this change, we ensure greater security and protection of your data. To begin, let's explain what “weak ciphers” are. The term is defined as "any cipher of the algorithm that uses CBC as the mode of operation or TLS_RSA as the key transport mechanism." As of 04/13/2022, Blip products and services will no longer support the use of weak ciphers in TLS 1.2 connections. With this change, we will exclusively support strong ciphers for the TLS 1.2 protocol. And, starting in 2024, Blip products and services will no longer support the TLS 1.2 protocol completely, supporting only TLS 1.3. What will be the impact of this change? Devices that do not support the use of TLS in the versions and configurations described above will be affected. This means that these devices will be unable to connect to Blip products and services. To better understand the importance of this security update, we recommend reading the NIST SP 800-52r2 publication (or the latest available version), which provides guidelines for selecting and configuring TLS protocol implementations to enhance the protection of sensitive data. The ciphers considered secure in TLS 1.2 are as follows: ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 For more information on which devices will be affected, visit: https://ssl-config.mozilla.org/ Which part of the platform will undergo changes? Only the integration URL, used for sending messages, commands, or notifications to Blip, will be changed to the new protocol. 2nd Choose the “Connection Information” option from the left-hand menu: 3rd At the bottom of the next page, in the final section “HTTP Endpoints”, you will find the URLs that will undergo the change. NOTE: The Blip Portal and Blip Desk websites have already implemented this security improvement since the end of 2021; therefore, they will not undergo any changes. How to validate your integration? To further secure this process, we provide a URL where it will be possible to test the new TLS configurations in advance: https://tlstest.blip.ai/ Important: This URL does not accept any requests from the platform and was created solely to validate HTTPS access with the new configurations. Therefore, its response will always be an HTML page with static content as shown below. If there is any error in this access, especially error messages specifying HANDSHAKE failure, this indicates that your technology platform will need updates or additional configurations. For more information, join the discussion on the topic in our community or watch videos on our channel. 😃 Related articles Cookies Use Policy Blip media upload policy How to send WhatsApp notifications through Blip API Data Extractor (Access to data) Active Campaign