Breaking Change Planned - Disabling Weak Cipher Suites First Rehearsal This Week

The rehearsal duration is 3 hours (until 1:00 GMT (20:00 EST)). We ask that you use this time to ensure that your application continues to work with the planned cipher suite changes. If your application's network configuration is not compatible with this change, your application will lose access to SKY API during this rehearsal. If your application makes SKY API requests from a distributed application architecture or utilizes various technologies, it's possible that only a portion of your application will lose access. Please consider all aspects of your application.

What’s changing?
In an ongoing effort to prioritize security, privacy, and risk management, SKY API is updating its Gateway TLS configuration to remove cipher suites that Blackbaud and the industry has identified as weak. This change will occur on Wednesday, February 28th, 2024. Depending on your application's networking and cipher configuration, these may be breaking changes.The updated list of supported cipher suites include:

• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

For reference, our current supported cipher suites are documented under TLS requirements on the Basics page.

Our next rehearsal is on February 14th. If your application experiences issues during the first rehearsal, you'll have one more opportunity to verify your application's configuration during Rehearsal #2 on Wednesday, February 14th, 2024 at 10:00 GMT (5:00 EST) – 12:00 GMT (7:00 EST).

During rehearsals, if you uncover an issue with your configuration and cannot resolve it using one of the documented cipher suites above, contact the Blackbaud SKY Developer team.