TLS is a set of security protocols that provide communication security over networks. The Internet Engineering Task Force (IETF) is the regulatory organization that defines, updates, and releases TLS standards. TLS 1.3 is the latest version.
The Celigo platform supports TLS 1.2 and 1.3.
Important
After September 30, 2025, the Celigo platform will no longer support TLS 1.0 and TLS 1.1. Verify that all your custom integrations are updated to use endpoints that are TLS 1.2 or higher by September 30, 2025.
TLS 1.0 and 1.1 are susceptible to security vulnerabilities because both use weak hash algorithms (e.g. SHA-1, MD5) and have inadequate support for modern ciphers. Legacy ciphers use weak encryption, are incompatible with compliance standards (PCI-DSS, NIST), and are vulnerable to known attacks like BEAST, POODLE, and SWEET32.
The Celigo platform does NOT support the following deprecated legacy ciphers.
-
RC4
-
3DES
-
DES
-
EXPORT and NULL ciphers
-
MD5 and SHA1-based suites
-
Anonymous cipher suites (e.g., ADH)
The Celigo platform supports modern, secure ciphers to be used with TLS 1.2 and TLS 1.3:
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-ECDSA-CHACHA20-POLY1305
-
TLS 1.3 default ciphers (non-configurable):
-
TLS_AES_128_GCM_SHA256
-
TLS_AES_256_GCM_SHA384
-
TLS_CHACHA20_POLY1305_SHA256
-
If you are connecting to an endpoint that doesn't provide documentation that identifies the TLS version, you can use sslyze (a Python-based tool that can scan servers for SSL/TLS configuration).
-
EPROTO (final_renegotiate:unsafe legacy renegotiation disabled)
-
ERR_CRYPTO_UNSUPPORTED_OPERATION
-
SSL_ERROR_UNSUPPORTED_VERSION
-
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
-
handshake_failure messages in logs
-
Clients unable to connect to endpoints due to unsupported cipher negotiation
-
API gateway failures when interfacing with third-party systems still using deprecated protocols