Security update: Retiring weak TLS cipher suites

Posted on by Hariharan T
2 Mins Read

At Zoho Corp, we are dedicated to maintaining the highest security and compliance standards. As part of our ongoing efforts to enhance security, we are transitioning to support only strong TLS cipher suites across all Zoho data centers (DCs). Support for weak cipher suites will end on June 30, 2026.

This follows our earlier initiative to discontinue support for older TLS versions, reinforcing our commitment to a strong security posture.

Supported TLS cipher suites going forward

TLS 1.2:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

TLS 1.3:
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256

Action required
Most modern browsers and API clients automatically use strong and secure TLS cipher suites. However, if you're using older versions of browsers or API clients, we recommend upgrading to the latest versions to continue accessing Zoho services without any interruption.

How to check
Use our test link to quickly confirm if your system is using secure TLS cipher suites:
https://tlstest.zoho.com/api

You can use this link in two ways:

  1. Browser check: Open the link directly in your web browser. This confirms if your browser is establishing a secure connection using strong TLS cipher suites.
  2. API clients: Use this link within your API clients (e.g., Python scripts, Java programs, Postman). Check the response returned by the API to verify whether your application is using a strong TLS cipher suite

What you'll see:

If everything is secure, you’ll get a message like:

{
"status": 200,
"tls_version": "TLSv1.3",
"cipher": "TLS_AES_128_GCM_SHA256",
"message": "Strong cipher"
}

If the status code returned is 200, this indicates your browser/API client is successfully communicating with a strong cipher.

If your system is using outdated encryption, you’ll see:

{
"status": 400,
"tls_version": "TLSv1.2",
"cipher": "ECDHE-RSA-AES128-SHA256",
"message": "Weak cipher"
}

If the status code returned is 400, please update to the latest browser/API client by June 30, 2026 to ensure continued connectivity and security.

Need assistance? 

For any clarification or support regarding this update,
please reach out to security@zohocorp.com.

This update is part of Zoho Corp’s broader strategy to enhance the security of our services 
continuously and protect our customer data.

Comments

Leave a Reply

Your email address will not be published.

The comment language code.
By submitting this form, you agree to the processing of personal data according to our Privacy Policy.

Related Posts