
Bosch IoT Insights – TLS 1.1 removal and disabling of weak cipher suites


At the moment, Bosch IoT Insights still supports TLS version 1.1.
Our goal is to always offer an up-to-date and secure service for device communication. However, TLS version 1.1 is considered insecure (IETF).

Consequences
If your devices or applications still use TLS version 1.1, they will no longer be able to connect to Bosch IoT Insights after October 2021.

For customers with a paid plan, §15.3 (Changes of the Service and the Terms and Conditions) of the SaaS Terms and Conditions applies [2]: “[…] If Customer does not object within 30 days of receipt of the notification and continues to use the Service after expiry of the period for objection, then the changes shall be deemed to have been effectively agreed as from the expiry date of the time limit. In the event of an objection, the contractual relationship shall be continued subject to the conditions applying hitherto. If an objection is raised, Provider is entitled to terminate the contractual relationship subject to a one (1) month’ notice period.”

Our API will only support the following cipher suites, and therefore only TLS 1.2 or higher:

| TLS Version | Cipher Suite Name (IANA/RFC) | Hex | KeyExch. | Auth. | Encryption | Bits | Cipher Suite Name (OpenSSL) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 0xc030 | ECDHE | RSA | AES-GCM | 256 | ECDHE-RSA-AES256-GCM-SHA384 |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 0xc02f | ECDHE | RSA | AES-GCM | 128 | ECDHE-RSA-AES128-GCM-SHA256 |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | 0xcca8 | ECDHE | RSA | CHACHA20-POLY1305 | 256 | ECDHE-RSA-CHACHA20-POLY1305-SHA256 |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 0xc028 | ECDHE | RSA | AES | 256 | ECDHE-RSA-AES256-SHA384 |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 0xc014 | ECDHE | RSA | AES | 256 | ECDHE-RSA-AES256-CBC-SHA |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 0xc027 | ECDHE | RSA | AES | 128 | ECDHE-RSA-AES128-SHA256 |
| TLSv1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 0xc013 | ECDHE | RSA | AES | 128 | ECDHE-RSA-AES128-CBC-SHA |


Support
For testing purposes, we offer an endpoint that already applies the future TLS policy. Please note that this is only a temporary testing environment.
As soon as we apply the TLS policy to the standard endpoints, the testing environment will be shut down.
You should therefore not connect any production devices to these test endpoints. If you have any problems when testing, please let us know.

The test endpoint with the future TLS version and ciphers is as follows:
https://www.tlscheck-bosch-iot-insights.com

Depending on the response, you can see whether a TLS 1.2 connection works with your client.
The following table helps you interpret the result:

| Successful responses | Failing responses |
| --- | --- |
| HTTP status 200 (optional with HTML page) | curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure |
| HTTP status 405 (optional with HTML page) | |
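
A client-side pre-check for the policy above, written as an added example that is not part of the original announcement and is not Bosch code: it matches the hex codes from the cipher suite table against the suites the local Python/OpenSSL stack would offer with TLS 1.2 as the minimum version, then attempts a handshake. The function names are assumptions of this example; the hostname is the test endpoint quoted above.

```python
import socket
import ssl

# Hex codes and IANA names copied from the cipher suite table above.
ACCEPTED = {
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
}

def client_context(cipher_string=None):
    """Verifying client context that refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cipher_string:
        ctx.set_ciphers(cipher_string)  # OpenSSL cipher string, TLS 1.2 suites only
    return ctx

def overlap(cipher_ids):
    """IANA names of accepted suites found in an iterable of cipher ids."""
    # OpenSSL reports ids as 0x0300xxxx; the low 16 bits are the IANA code.
    codes = {cid & 0xFFFF for cid in cipher_ids}
    return [name for code, name in ACCEPTED.items() if code in codes]

def offered_and_accepted(ctx):
    """Accepted suites that this context would offer in its ClientHello."""
    return overlap(c["id"] for c in ctx.get_ciphers())

def probe(host, port=443, ctx=None, timeout=10):
    """Attempt a handshake; return (ok, detail). Needs network access."""
    ctx = ctx or client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, "%s %s" % (tls.version(), tls.cipher()[0])
    except (ssl.SSLError, OSError) as exc:
        # A handshake_failure alert surfaces here as ssl.SSLError.
        return False, str(exc)

if __name__ == "__main__":
    ctx = client_context()
    print("suites offered and accepted:", offered_and_accepted(ctx))
    print(probe("www.tlscheck-bosch-iot-insights.com", ctx=ctx))
```

An empty overlap list means the client cannot complete a TLS 1.2 handshake under the listed policy, which corresponds to the handshake failure in the right-hand column of the table.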


If you have any further questions, do not hesitate to contact us.