Summary
The security level of the IDR cipher ECDHE-RSA-AES256-SHA384 will be changed from HIGH to MEDIUM in INCOMING and OUTGOING connection encryption settings. This is planned for October 2023 release.
Details
INCOMING Connection
If you are using HIGH encryption settings for INCOMING connections and if the end user/API client machines do not have any other common cipher than ECDHE-RSA-AES256-SHA384, upgrade the machines to include ciphers from the following list.
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- DHE-RSA-AES256-GCM-SHA384
- DHE-RSA-AES128-GCM-SHA256
OUTGOING Connection
If you are using HIGH encryption settings for OUTGING connections and if any of the configured proxy backend applications (HTTP Federation Proxy/Trusted Header) do not have any other common cipher than ECDHE-RSA-AES256-SHA384, upgrade the backend applications to include the ciphers from the following list.
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES128-GCM-SHA256
- DHE-RSA-AES256-GCM-SHA384
- DHE-RSA-AES128-GCM-SHA256
If you are unable to upgrade the cipher ECDHE-RSA-AES256-SHA384 settings at client, configure the MEDIUM level and publish.
Related Articles
How to view a certificate fingerprint as SHA-256, SHA-1 or MD5 using OpenSSL for RSA Authentication Manager Number of Views How to determine the version and patch level of RSA Identity Governance & Lifecycle Number of Views RSA Authentication Manager 8.3 Administrator's Guide Number of Views Determining if the RSA Authentication Manager 8.x install platform is hardware or virtual Number of Views RSA Authentication API Developer's Guide (PDF) Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026) Supported On-Demand Authentication (ODA) SMS providers for use with RSA Authentication Manager 8.x Deploying RSA Authenticator 6.2.2 for Windows Using DISM
