Disabling TLS 1.2 weak cipher suites
Until now, Bosch IoT Rollouts DMF (Device Management Federation) API still supports some weak ciphers for TLS 1.2. To harden the TLS communication encryption, we will disable all known weak ciphers by March 01, 2022.
Consequences
If your applications using DMF API are still using weak ciphers, they will no longer be able to connect from March 01, 2022.
As a customer having a paid plan §15.3 Changes of the Service and the Terms and Conditions of the SaaS Terms and Conditions applies : “[…] If Customer does not object within 30 days of receipt of the notification and continues to use the Service after expiry of the period for objection, then the changes shall be deemed to have been effectively agreed as from the expiry date of the time limit. In the event of an objection, the contractual relationship shall be continued subject to the conditions applying hitherto. If an objection is raised, Provider is entitled to terminate the contractual relationship subject to a one (1) month’ notice period.”
The following domains are affected by the change:
- Bosch IoT Rollouts DMF API (EU1): dmf.eu1.bosch-iot-rollouts.com
- Bosch IoT Rollouts DMF API (US1): dmf.us1.bosch-iot-rollouts.com
DMF API will only support the following cipher suites and therefore only TLS 1.2 or higher:
# TLS 1.3 (no changes)
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
# TLS 1.2
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Support
If you have any further questions, please do not hesitate to contact us via support.