Product Blog

Upcoming changes to TLS and SSL support

Here's one for all the security buffs out there. The vast majority of our platform will not be impacted by this change, but protecting the security our users and platform at AppNexus is one of our most important tasks.

Blog Post
Josh Ryder

Starting the week of June 11th, 2018, AppNexus will be deprecating the use of Transport Layer Security (TLS) 1.0 and 1.1, along with removing support for the 3DES/DHE/SEED/CAMELLIA ciphers. These changes are in line with current industry best practices, and will ensure that AppNexus traffic is protected to those standards.

As of June 30th, 2018, TLS 1.0 is no longer acceptable for PCI (Payment Card Industry Security Standards Council) compliance. Further, an overall concern regarding some implementations of TLS 1.1 has led to guidance by NIST to deprecate the use of TLS 1.1. Collectively these protocols account for less than 0.8% of our global platform traffic. Within our platform less than 0.155% of our total Console traffic uses TLS1.0, and 0% uses TLS 1.1. Similarly, less than 0.798% of our total impbus traffic uses TLS1.0, and 0.123% use TLS1.1.

Additionally, we will be removing support for 3DES/DHE/SEED/CAMELLIA. In total, these ciphers are used on less than 0.3% of observed traffic platform wide.

We expect that both the protocol and cipher changes will be complete by June 30, 2018.

We're making the change to both maintain the high security standards you've come to expect from AppNexus. After extensive testing we anticipate a smooth transition, and no negative impacts to our customers.