What is this change?
At Zuora, our customers' trust is our #1 value, and we take the protection of our customers' data very seriously. To maintain the highest security standards and promote the protection of your data, we occasionally need to make security improvements and deprecate older encryption protocols and cipher suites. To maintain alignment with industry-standard best practices, Zuora will disable select cipher suites for all inbound connections to Zuora through our APIs and the Zuora UI.
What are we doing?
Removing support for older cipher suites from Zuora API and UI endpoints.
What will this change affect?
This change will affect all incoming browser-based traffic as well as API traffic to both API Sandbox and Production.
What cipher suites are being removed?
CBC
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
3DES
TLS_RSA_WITH_3DES_EDE_CBC_SHA
What cipher suites will be supported following the change?
ECDHE
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
When will this change take place?
We will take a phased approach to allow customers ample time to test and prepare.
Phase 1 - Zuora Billing API Sandbox and all NON production Zuora Billing environments
On Saturday, November 5, 2022, from 4 PM to 6 PM PDT, we will remove the ciphers listed.
Phase 2 - Zuora Billing - All Production environments
On Saturday, February 18, 2023, from 4 PM to 6 PM PST, we will remove the ciphers listed, in alignment with our 2023 Q1 maintenance window.
Cancelled - please review reply in thread below
Will there be downtime associated with this change?
For customers whose integrations and systems already use the supported ciphers, there will be no downtime associated with this change.
What do I need to do?
Please work with your local IT, Security, or Development team, or whoever supports and maintains your API integration to Zuora, to validate that your integrations can successfully negotiate API and UI connections using only the supported cipher suites. Most modern API platforms and browsers already support these ciphers, but each customer needs to validate and verify accordingly.
What happens if I take no action?
Failure to make any necessary changes before the above dates may result in a potential disruption of Zuora services for your integrations.
Customers are advised to perform the necessary validations and changes to ensure support for the ciphers listed. If you have made the necessary changes, or confirm your integration supports the listed ciphers, then no further action is required on your part.
How can I test my integration's readiness for this change?
Apart from verifying cipher support with your local technology teams, you may test directly using the API Sandbox and Central Sandbox endpoints after the change is deployed on November 5, 2022.
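One way to run this validation from the client side, as an added example that is not part of the original notice or Zuora's own tooling: it checks which suites in a client's OpenSSL cipher string remain usable, and can handshake against an endpoint while offering only the four supported suites. The function names are hypothetical, the host passed to probe() is supplied by the reader, and the context is pinned to TLS 1.2 on the assumption that the listed names are the TLS 1.2 suites being tested.

```python
import socket
import ssl

# Suites the notice lists as supported after the change (OpenSSL names, TLS 1.2).
SUPPORTED = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
]


def tls12_context(cipher_string):
    """Client context pinned to TLS 1.2 that offers only cipher_string."""
    ctx = ssl.create_default_context()
    # Pin to TLS 1.2: set_ciphers() does not control TLS 1.3 suites, which
    # could otherwise let a handshake succeed without using the listed suites.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx


def audit(cipher_string):
    """Split a client's OpenSSL cipher string into suites that remain usable
    after the change and TLS 1.2 suites that will no longer be accepted."""
    try:
        offered = tls12_context(cipher_string).get_ciphers()
    except ssl.SSLError:
        offered = []  # local OpenSSL build enables none of the requested suites
    names = [c["name"] for c in offered if c["protocol"] != "TLSv1.3"]
    return {
        "usable": [n for n in names if n in SUPPORTED],
        "dropped": [n for n in names if n not in SUPPORTED],
    }


def probe(host, port=443, timeout=10):
    """Handshake with host offering only SUPPORTED; return the negotiated
    (suite, protocol, bits). Raises ssl.SSLError if no suite is shared."""
    ctx = tls12_context(":".join(SUPPORTED))
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()


if __name__ == "__main__":
    # Constructed sample: a legacy client configured with CBC-only suites.
    print(audit("AES128-SHA:AES256-SHA"))
    print(audit(":".join(SUPPORTED)))
```

An empty "usable" list for your integration's cipher string means the client has nothing in common with the post-change endpoints and will fail the handshake.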
Zuora Global Support is readily available to answer any additional questions you may have.
Please contact Zuora Billing Support at support@zuora.com, or through our Customer Support Portal.