OneSpan Sign is committed to protecting the security of our customers' data. Thus we are continuously updating our security requirements for communicating with the service.
We recently required user platforms that communicate with the service to support strong ciphers for both incoming and outgoing Callback Notifications and SMTP messages. Users running older platforms or browsers may not be able to communicate with the service, including the application's API. Should you experience any issues, upgrade your integration framework to use strong ciphers.
Instead of configuring to allow specific ciphers, most servers are normally configured to accept only “HIGH” (strong) ciphers. With that configuration, if a cipher gets compromised, it is simply removed from the list when the server is updated.
Requiring strong ciphers will ensure that we support only TLS 1.1 and 1.2 high-encryption ciphers, including EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:
For more information, contact your IT security department, or contact our Support Team.
More information about minimum security requirements is available here.