Outdated or obsolete SSL ciphers to be disabled
Scheduled Maintenance Report for LoanPro
Completed
The scheduled maintenance has been completed.
Posted Sep 17, 2021 - 00:01 MDT
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Sep 17, 2021 - 00:00 MDT
Scheduled
Currently the LoanPro API supports SSL ciphers that have been identified as containing cryptographic issues, are marked as outdated or obsolete. In order to protect the privacy and security of our customer's data, these SSL ciphers will be disabled. The change goes into effect in production on September 17, 2021.

The change will be to the accepted cipher suites. The preferred cipher suite remains TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256. The following cipher suites are removed as accepted cipher suites:

TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
TLSv1.2 128 bits AES128-GCM-SHA256
TLSv1.2 128 bits AES128-SHA256
TLSv1.2 256 bits AES256-GCM-SHA384
TLSv1.2 256 bits AES256-SHA256
Leaving the supported cipher suites as:

Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Please adjust or update your clients accessing the LoanPro API to make sure it can establish a secure communication channel using one of the supported cipher suites and avoid any outages in your service.

Regards,

LoanPro Team
Posted Jun 07, 2021 - 08:45 MDT
This scheduled maintenance affected: LoanPro - LMS API.
Current Status Powered by Atlassian Statuspage