Revised List of Supported Ciphers for EU Proxy Security Enhancement

Maria Scieranska

Update: The EU Proxy Ciphers update has been postponed. The new planned implementation date is September 27, 2024. We apologize for any inconvenience.

 

The EU proxy feature of Vonage Video API enables clients to route all internet traffic (except for media streams) via proxy servers hosted inside the EU. (Non-media traffic includes Video API calls, WebSocket connections, and log traffic.) The EU proxy feature is available to customers of the EU Regional Media Zone add-on feature, which enables applications to restrict all media stream traffic within the EU. 

On September 27, 2024, we plan to update the Video API EU Proxy feature to support a broader array of robust ciphers, while also removing weaker ciphers.

As of this date, customers need to ensure they use only ciphers from the list of supported cipher suites below:

  1. TLS_AES_128_GCM_SHA256
  2. TLS_AES_256_GCM_SHA384
  3. TLS_CHACHA20_POLY1305_SHA256
  4. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  5. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  6. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  7. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  8. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  9. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  10. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  11. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  12. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  13. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  14. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  15. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  16. TLS_RSA_WITH_AES_128_GCM_SHA256
  17. TLS_RSA_WITH_AES_128_CBC_SHA256
  18. TLS_RSA_WITH_AES_256_GCM_SHA384
  19. TLS_RSA_WITH_AES_256_CBC_SHA256
  20. TLS_RSA_WITH_AES_256_CBC_SHA

Each cipher suite has been meticulously selected to align with stringent security standards, prioritizing the confidentiality, integrity, and authenticity of transmitted data. The inclusion of these robust cipher suites serves as a proactive measure to mitigate potential security vulnerabilities, ensuring a resilient and secure environment for customer interactions.

Usage of the following cipher suites is being deprecated to ensure compliance with Vonage security guidelines:

  1. TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (0xCC, 0xAC)
  2. TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xCC, 0xA9)
  3. TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xCC, 0xA8)
  4. TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xC0, 0xAC)
  5. TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xC0, 0xAD)
  6. TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xC0, 0xAE)
  7. TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (0xC0, 0xAF)
  8. TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x00, 0x9E)
  9. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x00, 0x9F)
  10. TLS_DHE_RSA_WITH_AES_128_CCM (0xC0, 0x9E)
  11. TLS_DHE_RSA_WITH_AES_256_CCM (0xC0, 0x9F)
  12. TLS_DHE_RSA_WITH_AES_128_CCM_8 (0xC0, 0xA2)
  13. TLS_DHE_RSA_WITH_AES_256_CCM_8 (0xC0, 0xA3)
  14. TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00, 0xA2)
  15. TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00, 0xA3)
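
To check a client against the two lists above before the change, the following added example (not Vonage code) sorts the suites a local Python/OpenSSL client would offer into supported, deprecated and unlisted. The code points for the supported list are taken from the IANA registry because the page gives names only, and the function names and the assumption that the proxy accepts nothing outside the supported list are this example's own.

```python
import ssl

# Code points of the 20 supported suites. The page lists names only; these
# values come from the IANA TLS Cipher Suites registry.
SUPPORTED = {
    0x1301, 0x1302, 0x1303,                          # TLS 1.3 suites
    0xC02B, 0xC02F, 0xC023, 0xC027, 0xC009, 0xC013,  # ECDHE + AES-128
    0xC02C, 0xC030, 0xC024, 0xC028, 0xC014, 0xC00A,  # ECDHE + AES-256
    0x009C, 0x003C, 0x009D, 0x003D, 0x0035,          # static RSA
}
# Code points of the 15 deprecated suites, as printed on the page.
DEPRECATED = {
    0xCCAC, 0xCCA9, 0xCCA8, 0xC0AC, 0xC0AD, 0xC0AE, 0xC0AF,
    0x009E, 0x009F, 0xC09E, 0xC09F, 0xC0A2, 0xC0A3, 0x00A2, 0x00A3,
}

def local_suites(ctx=None):
    """Return (code_point, openssl_name) for each suite this client enables."""
    ctx = ctx or ssl.create_default_context()
    # OpenSSL ids look like 0x0300C02F; the low 16 bits are the IANA code point.
    return [(c["id"] & 0xFFFF, c["name"]) for c in ctx.get_ciphers()]

def audit(suites):
    """Split offered suites into supported / deprecated / unlisted, in offer order."""
    report = {"supported": [], "deprecated": [], "unlisted": []}
    for code, name in suites:
        key = ("supported" if code in SUPPORTED
               else "deprecated" if code in DEPRECATED else "unlisted")
        report[key].append((f"0x{code:04X}", name))
    # Assumption: the proxy accepts only the supported list, so the handshake
    # needs at least one supported suite in the client's offer.
    report["can_negotiate"] = bool(report["supported"])
    return report

if __name__ == "__main__":
    result = audit(local_suites())
    for key in ("supported", "deprecated", "unlisted"):
        print(f"{key}: {len(result[key])}")
        for code, name in result[key]:
            print(f"  {code} {name}")
    print("at least one supported suite offered:", result["can_negotiate"])
```

A client whose report shows entries only under deprecated or unlisted needs its cipher configuration changed before the implementation date.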

For further inquiries or assistance regarding the updated cipher suites supported by the EU Proxy, please reach out to our dedicated support team. We are committed to safeguarding the confidentiality and integrity of your data, prioritizing your security needs.