All Collections
Feature Releases & Software Updates
TLS/SSL Security Improvements - 23rd Oct 2021
TLS/SSL Security Improvements - 23rd Oct 2021
This Article to inform you of some upcoming changes we are making to the security settings of the PeopleHR website.
Sheldon Walker avatar
Written by Sheldon Walker
Updated over a week ago

These changes are needed to ensure that we are in-line with current security standards and to continue to provide the highest level of security when accessing your data. These changes have been extensively tested to ensure broad computability with clients and we do not expect any users will be affected by this change.

The changes are detailed below along with some steps that you can take should you experience any issues after 23/10/2021.

What is happening

As of 23/10/2021 we will be removing support for the following TLS 1.2 Ciphers from our systems:

  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

  • TLS_RAS_WITH_CAMELLIA_128_CBD_SHA

Ciphers are cryptographic functions that are used by computers to encrypt/decrypt data in a secure internet connection (often denoted by the prefix https:// in the websites address). The above ciphers are part of a suite of ciphers that are commonly used in HTTPS connections that utilise the Transport Layer Security (TLS) 1.2 protocol.

Why is this happening

This change is a result of some internal upgrades on our systems to ensure that we maintain the highest level of availability and assurance with our systems for our clients. The ciphers noted above are considered to be safe for cryptographic communications however are rarely used in practice by clients in the UK and Europe and whilst supported by many browsers they have been largely replaced by ciphers using Advanced Encryption Standard (AES) ciphers which we continue to support as before.

How will affect me

We do not expect any impact of client connections to the service for the vast majority of our clients. As noted above these ciphers are rarely used and most, if not all, modern browsers will automatically choose one of the alternate ciphers that we have available without notification or change to the client. Modern browsers do this selection (or handshake) all the time so this is a normal standard practice when connecting to web based systems.

In the unlikely event that you do experience any issues connecting to the site after the change then please follow one of the following steps

  1. Ensure that the browser you are using is up to date by visiting the suppliers site – most modern browsers update automatically. If you are unsure on how to update your browser then please speak to your IT Team.

  2. Clear your internet cache by following the steps provided by the supplier – for Chrome the steps are explained here (Clear cache & cookies - Computer - Google Play Help) for Microsoft Edge (View and delete browser history in Microsoft Edge)

  3. Try another browser to access the site if possible (for example if you are using Internet Explorer 11 then could you try Edge or Chrome as an alternative)

  4. Speak to your IT Team to ensure that they are not forcing the use of the above ciphers

More information

From <Date> the following TLS 1.2 ciphers will be supported

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 *

  • ECDHE_RSA_WITH_AES_128_GCM_SHA256 *

  • ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • ECDHE_RSA_WITH_AES_256_CBC_SHA

  • RSA_WITH_AES_256_GCM_SHA384

  • RSA_WITH_AES_256_CBC_SHA256

  • RSA_WITH_AES_256_CBC_SHA

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • TLS_RSA_WITH_AES_128_GCM_SHA256

  • TLS_RSA_WITH_AES_128_CBC_SHA256

  • TLS_RSA_WITH_AES_128_CBC_SHA

* These ciphers are preferred

If you have any questions or need further guidance, please dont hesitate to contact customer support.

Thank you,

PeopleHR Product Team

Did this answer your question?