--- title: "Security Update: Enhancing TLS Security at Whatfix" slug: "improving-security-with-updated-tls-ciphers" updated: 2025-09-30T05:33:56Z published: 2025-09-30T05:33:56Z excludeFromSearch: true excludeFromExternalSearch: true --- > ## Documentation Index > Fetch the complete documentation index at: https://support.whatfix.com/llms.txt > Use this file to discover all available pages before exploring further. # Security Update: Enhancing TLS Security at Whatfix #### **Overview** As part of our continuous improvements in security and compliance, Whatfix will disable the TLS cipher suite (`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`) on our domains (Whatfix.com and *.whatfix.com). For more information about the Cipher suite, see [Cipher suite.](https://en.wikipedia.org/wiki/Cipher_suite) Weak ciphers expose connections to attacks such as **Lucky13**, **BEAST**, and **POODLE**, and do not meet modern security standards. Disabling such ciphers helps: - Protect user data confidentiality, integrity, and availability. - Ensure secure connections across all Whatfix services. - Strengthen compliance with industry standards (NIST, OWASP, PCI DSS). This change ensures that strong, industry-recommended cipher suites are used to establish secure communication with Whatfix services. --- #### **What is changing?** Currently, Whatfix supports the cipher `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` for backward compatibility in HTTPS connections. This cipher is outdated and does not align with modern security standards. Weak cipher support will be disabled on **18 October 2025**. --- #### **What is the impact of the change?** - **Legacy browsers or clients** relying solely on weak ciphers cannot establish secure connections. You might see errors such as: Here’s the list of browsers that might be impacted: - Cannot establish a secure connection - Unsupported protocol or cipher suite - **Chrome:** versions earlier than 48 - **Firefox:** versions earlier than 52 - **Internet Explorer:** versions 6 to 11 - **Edge:** versions 12 to 18 - **Opera:**versions earlier than 35 - **Safari macOS:**versions earlier than 13 - **Safari iOS:**versions earlier than 12 - **Modern browsers** (Chrome, Firefox, Edge, Safari, and more) and clients that support strong TLS ciphers will continue to work without any issues. --- #### **What are the supported ciphers?** The following secure ciphers remain active: - **# TLS 1.3** - TLS_AES_128_GCM_SHA256 (0x1301) - TLS_AES_256_GCM_SHA384 (0x1302) - TLS_CHACHA20_POLY1305_SHA256 (0x1303) - **# TLS 1.2** - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) --- #### **What should you do to ensure compatibility?** To maintain uninterrupted access and secure connections: - **Update Browsers:**Ensure you are using modern browsers that support strong TLS ciphers. The following table lists browsers and their recommended versions: | #### Browser | #### Recommended Version or Later | | --- | --- | | Google Chrome | 48+ | | Mozilla Firefox | 47+ | | Microsoft Edge (Chromium) | 79+ | | Safari | 12+ | | Opera | 36+ | - **Test Custom Integrations:**If you are using custom integrations, test them to confirm they support strong TLS ciphers. --- **How to test browser compatibility?** **Step 1: Test for weak cipher** 1. Open your browser and visit [SSL Labs Client Test](https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html). 2. Under **Protocol Features**, in the **Cipher Suites (in order of preferences)** section, check which ciphers are supported. ![](https://cdn.document360.io/a268766e-d74d-4619-9613-e2472f809ffb/Images/Documentation/Protocol_features.png) **Step 2: Understand your test results** When you run the SSL Labs Client Test, you might see different results depending on your browser’s supported ciphers. Here’s what they mean: - **Both strong and weak ciphers supported:** - Your browser automatically uses strong ciphers for secure connections. - No action is required; you will not experience any disruption once a weak cipher is disabled. ![](https://cdn.document360.io/a268766e-d74d-4619-9613-e2472f809ffb/Images/Documentation/Strong_cipher(1).png) - **Only weak ciphers supported (tagged as WEAK):** - Your browser relies solely on outdated encryption methods. - Once weak ciphers are disabled, your browser fails to connect to Whatfix, causing disruption. ![](https://cdn.document360.io/a268766e-d74d-4619-9613-e2472f809ffb/Images/Documentation/Weak_ciphers(1).png) **Step 3: Update or upgrade your browser** If your browser supports only weak ciphers, upgrade to a [recommended version](/studio/docs/improving-security-with-updated-tls-ciphers#browser) to ensure seamless access to Whatfix.