Stay Informed @askDocusign on Twitter


DocuSign TLSv1.0 support to end June 30, 2018 (Updated end date: June 25, 2018)

March 16, 2018

Following industry best practices, DocuSign will end TLSv1.0 support effective June 30, 2018 June 25, 2018. This date aligns with the deadline the PCI Security Standards Council has set for companies that wish to remain PCI Data Security Standard (PCI DSS) compliant.  Other leading SaaS vendors, including Salesforce, Box, and PayPal, plan to end support for TLSv1.0 in June.

More information is available here: https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

In addition to retiring the insecure TLSv1.0 protocol, we will also remove a set of cipher suites which are no longer considered secure. This includes ciphers such as 3DES along with a few others that have an insufficient key length to securely encrypt communications.

The ciphers to be retired include the following:

· TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

· TLS_RSA_WITH_3DES_EDE_CBC_SHA 

· TLS_RSA_WITH_AES_256_GCM_SHA384

· TLS_RSA_WITH_AES_256_CBC_SHA256

· TLS_RSA_WITH_AES_256_CBC_SHA 

· TLS_RSA_WITH_AES_128_GCM_SHA256

· TLS_RSA_WITH_AES_128_CBC_SHA256 

· TLS_RSA_WITH_AES_128_CBC_SHA 

TLSv1.0 and these cipher suites are utilized by a small set of customers to support legacy integrations. These integrations will need to be updated to support secure, modern ciphers and is often as easy as recompiling the solution with updated libraries. The PCI Security Standards Council has published detailed guidance for migration from SSL/early TLS. It is available here: www.pcisecuritystandards.org/documents/Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf

All internet browsers currently supported by DocuSign already default to newer versions of TLS, so this change will go unnoticed by web and mobile users. Please contact DocuSign support with additional questions.