Skip to main content

SmartRelay connection security protocols update

· 3 min read

After the intervention to strengthen the sending infrastructure, the level of connection security to the SmartRelay was increased. In case of using TLS protocols for communication encryption, a strongly recommended practice, we ask you to verify the correct functioning of sending communications, remembering that at the moment the supported and updated ciphers are the following:

TLSv1.2: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) – A TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) – A TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) – A TLS_DHE_RSA_WITH_AES_128_CCM_8 (dh 2048) – A TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) – A TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) – A TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) – A TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) – A TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 2048) – A TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) – A TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (dh 2048) – A TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 (dh 2048) – A TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) – A TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (dh 2048) – A TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) – A TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (dh 2048) – A TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) – A TLS_DH_anon_WITH_AES_128_CBC_SHA (dh 2048) – F TLS_DH_anon_WITH_AES_128_CBC_SHA256 (dh 2048) – F TLS_DH_anon_WITH_AES_128_GCM_SHA256 (dh 2048) – F TLS_DH_anon_WITH_AES_256_CBC_SHA (dh 2048) – F TLS_DH_anon_WITH_AES_256_CBC_SHA256 (dh 2048) – F TLS_DH_anon_WITH_AES_256_GCM_SHA384 (dh 2048) – F TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA (dh 2048) – F TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 (dh 2048) – F TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA (dh 2048) – F TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 (dh 2048) – F TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) – A TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) – A TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) – A TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) – A TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) – A TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) – A TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp256r1) – A TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp256r1) – A TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) – A TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) – A TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) – A TLS_ECDH_anon_WITH_AES_128_CBC_SHA (secp256r1) – F TLS_ECDH_anon_WITH_AES_256_CBC_SHA (secp256r1) – F TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) – A TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) – A TLS_RSA_WITH_AES_128_CCM (rsa 2048) – A TLS_RSA_WITH_AES_128_CCM_8 (rsa 2048) – A TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) – A TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) – A TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) – A TLS_RSA_WITH_AES_256_CCM (rsa 2048) – A TLS_RSA_WITH_AES_256_CCM_8 (rsa 2048) – A TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) – A TLS_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 2048) – A TLS_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 2048) – A TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) – A TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 2048) – A TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) – A TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (rsa 2048) – A

TLSv1.3: TLS_AKE_WITH_AES_128_CCM_SHA256 (ecdh_x25519) – A TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) – A TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) – A TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) – A

If the ciphers used are not part of the previous list, the service may return communication errors and not work correctly.

We therefore invite you to update your applications so as to be aligned with the new security standards.

If shipping problems are encountered despite the TLS/cipher update, we suggest disabling any peer checks and/or contacting us to update the hostname of your Listener if the SmartRelay setup is several years old.