Action required: Update to TLS version 1.2 and supported ciphers to ensure uninterrupted connection with Duo
Posted on
June 29, 2023
Service Advisory
Please be advised that Duo will no longer support Transport Layer Security (TLS) versions 1.0 or 1.1 for any Duo product or service. Duo will also no longer support TLS connection requests negotiated by insecure cipher suites. There have been no authentications using the affected TLS versions in the last 30 days.
What will change?
Beginning June 30, 2023, the following connection requests will receive an error response from Duo, resulting in blocked MFA and end-users unable to log in to protected applications:
TLS 1.0/1.1 connection requests
TLS connection requests negotiated by unsupported cipher suites
This can affect connection requests from:
Duo Windows applications
Duo Unix on a Unix/Linux system with OpenSSL version 1.0.0 or earlier
Duo SDKs used by custom applications
Third-party SDKs that connect to Duo APIs
Duo LDAPS application for SSL VPN
Duo Mobile still in use on older versions of Android
Any device used to access a Duo protected application using an embedded browser, operating system, or web browser that is no longer supported by Duo
Duo recommends using updated software. All versions of macOS, Android, and iOS supported by Duo will be unaffected because their default configuration uses TLS 1.2 and secure cipher suites.
We thank you for your time and continued understanding.
