Skip to main content
All CollectionsCompliance and security
Ensuring Your Connection Is Compatible with TLS 1.2 and 1.3
Ensuring Your Connection Is Compatible with TLS 1.2 and 1.3
Ferdinand avatar
Written by Ferdinand
Updated over a week ago

📖 Table of contents

How to Test Your Connection to Ensure Compatibility with TLS 1.2 and 1.3

Why is this test important?

Supported Cipher Suites

For APP Users (Web Browsers)

For API Users (Integrations)

Common Issues and Solutions

How to Test Your Connection to Ensure Compatibility with TLS 1.2 and 1.3

As part of our infrastructure upgrade, support for TLS 1.1 and older cipher suites is being deprecated. To avoid any disruption, it’s important to verify that your systems are compatible with TLS 1.2 and 1.3. This guide will walk you through the steps to test your connection.

Why is this test important?

Transport Layer Security (TLS) ensures that data exchanged between your systems and our services remains private and secure. By retiring older versions like TLS 1.1, we enhance security, performance, and compliance with modern standards. This test helps ensure that your systems are ready for these changes.

Supported Cipher Suites

The following cipher suites will remain supported after the infrastructure update:

TLSv1.2:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

TLSv1.3:

  • TLS_AKE_WITH_AES_128_GCM_SHA256

  • TLS_AKE_WITH_AES_256_GCM_SHA384

  • TLS_AKE_WITH_CHACHA20_POLY1305_SHA256

For APP Users (Web Browsers):

Open a modern web browser (e.g., Chrome, Firefox, Opera, Edge, Safari) on your device.

Visit https://ciphers-test.yousign.app

If your are seeing the following page, your browser is compatible.

If your browser is showing you an error page containing words like ERR_SSL_VERSION you are not compatible, and you need to upgrade your browser and your operating system.

For API Users (Integrations):

Share the test URL https://ciphers-test.yousign.app with your integration team or provider and ask them to test the connection from your integration environment.

Example with a cURL client connecting with a modern TLS 1.3 protocol :

➜  ~ curl -I --tlsv1 --tls-max 1.3 https://ciphers-test.yousign.app/
HTTP/2 200
accept-ranges: bytes
cache-control: no-cache
content-type: text/html
date: Tue, 21 Jan 2025 17:19:47 GMT
etag: "678f5660-41c"
expires: Tue, 21 Jan 2025 17:19:46 GMT
last-modified: Tue, 21 Jan 2025 08:10:08 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1052

Same example but forcing a TLS 1.1 version which will be removed :

➜  ~ curl -I --tlsv1 --tls-max 1.1 https://ciphers-test.yousign.app/
curl: (35) LibreSSL/3.3.6: error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version

Common Issues and Solutions

Outdated Browser or Operating System:

Update to the latest versions to ensure compatibility with TLS 1.2 and 1.3.

Legacy HTTP Clients in APIs:

Ensure your integration uses libraries or tools that support modern protocols. Examples include modern versions of cURL, Python requests, or Node.js HTTPS modules.

Firewall or Proxy Restrictions:

Verify that your network infrastructure does not block access to the test environment.

Did this answer your question?