Deprecating Weak Cipher Suites Across All Public-Facing Product URLs
Last updated on: September 4, 2024
Strengthening Security for Our Customers
At Qualys, your security is our top priority. To ensure we continue providing the highest level of protection, we are making an important update to our security protocols. Effective January 31, 2025, we will be deprecating weak cipher suites across all public-facing product URLs.
What Are Cipher Suites?
Cipher suites are a set of algorithms that help secure network connections that use SSL/TLS. They include key exchange algorithms, bulk encryption algorithms, and message authentication codes. The strength of a cipher suite is crucial for maintaining the confidentiality, integrity, and authenticity of your data as it travels over the internet.
What Cipher Suites Are Being Deprecated?
TLS 1.2
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
What Are All the Public-Facing Product URLs?
The following table includes the impacted URLs including http://pci.qualys.com
Platform | Platform URL | API Server URL | API Gateway URL | Cloud Agent and Qualys CDN URLs | Container Security Server URL | Qualys Gateway Service | Scanner URLs |
---|---|---|---|---|---|---|---|
US1 | https://qualysguard.qualys.com/ | https://qualysapi.qualys.com | https://gateway.qg1.apps.qualys.com | https://qagpublic.qg1.apps.qualys.com, https://cask.qg1.apps.qualys.com | https://cmsqagpublic.qg1.apps.qualys.com/ContainerSensor | https://camspublic.qg1.apps.qualys.com, https://camspm.qg1.apps.qualys.com, https://camsrepo.qg1.apps.qualys.com, https://qg1.apps.qualys.com | https://qgadmin.qualys.com, https://distribution.qualys.com, https://monitoring.qualys.com, https://scanservice1.qualys.com |
US2 | https://qualysguard.qg2.apps.qualys.com/ | https://qualysapi.qg2.apps.qualys.com | https://gateway.qg2.apps.qualys.com | https://qagpublic.qg2.apps.qualys.com, https://cask.qg2.apps.qualys.com | https://cmsqagpublic.qg2.apps.qualys.com/ContainerSensor | https://camspublic.qg2.apps.qualys.com, https://camspm.qg2.apps.qualys.com, https://camsrepo.qg2.apps.qualys.com, https://qg2.apps.qualys.com | https://qgadmin.qg2.apps.qualys.com, https://distribution.qg2.apps.qualys.com, https://monitoring.qg2.apps.qualys.com, https://scanservice1.qg2.apps.qualys.com |
US3 | https://qualysguard.qg3.apps.qualys.com/ | https://qualysapi.qg3.apps.qualys.com | https://gateway.qg3.apps.qualys.com | https://qagpublic.qg3.apps.qualys.com, https://cask.qg3.apps.qualys.com | https://cmsqagpublic.qg3.apps.qualys.com/ContainerSensor | https://camspublic.qg3.apps.qualys.com, https://camspm.qg3.apps.qualys.com, https://camsrepo.qg3.apps.qualys.com, https://qg3.apps.qualys.com | https://qgadmin.qg3.apps.qualys.com, https://distribution.qg3.apps.qualys.com, https://monitoring.qg3.apps.qualys.com, https://scanservice1.qg3.apps.qualys.com |
US4 | https://qualysguard.qg4.apps.qualys.com/ | https://qualysapi.qg4.apps.qualys.com | https://gateway.qg4.apps.qualys.com | https://qagpublic.qg4.apps.qualys.com, https://cask.qg4.apps.qualys.com | https://cmsqagpublic.qg4.apps.qualys.com/ContainerSensor | https://camspublic.qg4.apps.qualys.com, https://camspm.qg4.apps.qualys.com, https://camsrepo.qg4.apps.qualys.com, https://qg4.apps.qualys.com | https://qgadmin.qg4.apps.qualys.com, https://distribution.qg4.apps.qualys.com, https://monitoring.qg4.apps.qualys.com, https://scanservice1.qg4.apps.qualys.com |
EU1 | https://qualysguard.qualys.eu/ | https://qualysapi.qualys.eu | https://gateway.qg1.apps.qualys.eu | https://qagpublic.qg1.apps.qualys.eu, https://cask.qg1.apps.qualys.eu | https://cmsqagpublic.qg1.apps.qualys.eu/ContainerSensor | https://camspublic.qg1.apps.qualys.eu, https://camspm.qg1.apps.qualys.eu, https://camsrepo.qg1.apps.qualys.eu, https://qg1.apps.qualys.eu | https://qgadmin.qualys.eu, https://distribution.qualys.eu, https://monitoring.qualys.eu, https://scanservice1.qualys.eu |
EU2 | https://qualysguard.qg2.apps.qualys.eu/ | https://qualysapi.qg2.apps.qualys.eu | https://gateway.qg2.apps.qualys.eu | https://qagpublic.qg2.apps.qualys.eu, https://cask.qg2.apps.qualys.eu | https://cmsqagpublic.qg2.apps.qualys.eu/ContainerSensor | https://camspublic.qg2.apps.qualys.eu, https://camspm.qg2.apps.qualys.eu, https://camsrepo.qg2.apps.qualys.eu, https://qg2.apps.qualys.eu | https://qgadmin.qg2.apps.qualys.eu, https://distribution.qg2.apps.qualys.eu, https://monitoring.qg2.apps.qualys.eu, https://scanservice1.qg2.apps.qualys.eu |
EU3 | https://qualysguard.qg3.apps.qualys.it | https://qualysapi.qg3.apps.qualys.it | https://gateway.qg3.apps.qualys.it | https://qagpublic.qg3.apps.qualys.it, https://cask.qg3.apps.qualys.it | https://cmsqagpublic.qg3.apps.qualys.it/ContainerSensor | https://camspublic.qg3.apps.qualys.it, https://camspm.qg3.apps.qualys.it, https://camsrepo.qg3.apps.qualys.it, https://qg3.apps.qualys.it | https://qgadmin.qg3.apps.qualys.it, https://distribution.qg3.apps.qualys.it, https://monitoring.qg3.apps.qualys.it, https://scanservice1.qg3.apps.qualys.it |
IN1 | https://qualysguard.qg1.apps.qualys.in | https://qualysapi.qg1.apps.qualys.in | https://gateway.qg1.apps.qualys.in | https://qagpublic.qg1.apps.qualys.in, https://cask.qg1.apps.qualys.in | https://cmsqagpublic.qg1.apps.qualys.in/ContainerSensor | https://camspublic.qg1.apps.qualys.in, https://camspm.qg1.apps.qualys.in, https://camsrepo.qg1.apps.qualys.in, https://qg1.apps.qualys.in | https://qgadmin.qg1.apps.qualys.in, https://distribution.qg1.apps.qualys.in, https://monitoring.qg1.apps.qualys.in, https://scanservice1.qg1.apps.qualys.in |
CA1 | https://qualysguard.qg1.apps.qualys.ca | https://qualysapi.qg1.apps.qualys.ca | https://gateway.qg1.apps.qualys.ca | https://qagpublic.qg1.apps.qualys.ca, https://cask.qg1.apps.qualys.ca | https://cmsqagpublic.qg1.apps.qualys.ca/ContainerSensor | https://camspublic.qg1.apps.qualys.ca, https://camspm.qg1.apps.qualys.ca, https://camsrepo.qg1.apps.qualys.ca, https://qg1.apps.qualys.ca | https://qgadmin.qg1.apps.qualys.ca, https://distribution.qg1.apps.qualys.ca, https://monitoring.qg1.apps.qualys.ca, https://scanservice1.qg1.apps.qualys.ca |
AE1 | https://qualysguard.qg1.apps.qualys.ae | https://qualysapi.qg1.apps.qualys.ae | https://gateway.qg1.apps.qualys.ae | https://qagpublic.qg1.apps.qualys.ae, https://cask.qg1.apps.qualys.ae | https://cmsqagpublic.qg1.apps.qualys.ae/ContainerSensor | https://camspublic.qg1.apps.qualys.ae, https://camspm.qg1.apps.qualys.ae, https://camsrepo.qg1.apps.qualys.ae, https://qg1.apps.qualys.ae | https://qgadmin.qg1.apps.qualys.ae, https://distribution.qg1.apps.qualys.ae, https://monitoring.qg1.apps.qualys.ae, https://scanservice1.qg1.apps.qualys.ae |
UK1 | https://qualysguard.qg1.apps.qualys.co.uk | https://qualysapi.qg1.apps.qualys.co.uk | https://gateway.qg1.apps.qualys.co.uk | https://qagpublic.qg1.apps.qualys.co.uk, https://cask.qg1.apps.qualys.co.uk | https://cmsqagpublic.qg1.apps.qualys.co.uk/ContainerSensor | https://camspublic.qg1.apps.qualys.co.uk, https://camspm.qg1.apps.qualys.co.uk, https://camsrepo.qg1.apps.qualys.co.uk, https://qg1.apps.qualys.co.uk | https://qgadmin.qg1.apps.qualys.co.uk, https://distribution.qg1.apps.qualys.co.uk, https://monitoring.qg1.apps.qualys.co.uk, https://scanservice1.qg1.apps.qualys.co.uk |
AU1 | https://qualysguard.qg1.apps.qualys.com.au | https://qualysapi.qg1.apps.qualys.com.au | https://gateway.qg1.apps.qualys.com.au | https://qagpublic.qg1.apps.qualys.com.au, https://cask.qg1.apps.qualys.com.au | https://cmsqagpublic.qg1.apps.qualys.com.au/ContainerSensor | https://camspublic.qg1.apps.qualys.com.au, https://camspm.qg1.apps.qualys.com.au, https://camsrepo.qg1.apps.qualys.com.au, https://qg1.apps.qualys.com.au | https://qgadmin.qg1.apps.qualys.com.au, https://distribution.qg1.apps.qualys.com.au, https://monitoring.qg1.apps.qualys.com.au, https://scanservice1.qg1.apps.qualys.com.au |
KSA1 | https://qualysguard.qg1.apps.qualysksa.com/ | https://qualysapi.qg1.apps.qualysksa.com | https://gateway.qg1.apps.qualysksa.com | https://qagpublic.qg1.apps.qualysksa.com, https://cask.qg1.apps.qualysksa.com | https://cmsqagpublic.qg1.apps.qualysksa.com/ContainerSensor | https://camspublic.qg1.apps.qualysksa.com, https://camspm.qg1.apps.qualysksa.com, https://camsrepo.qg1.apps.qualysksa.com, https://qg1.apps.qualysksa.com | https://qgadmin.qg1.apps.qualysksa.com, https://distribution.qg1.apps.qualysksa.com, https://monitoring.qg1.apps.qualysksa.com, https://scanservice1.qg1.apps.qualysksa.com |
Why Are We Deprecating Weak Cipher Suites?
Over time, some cipher suites become vulnerable to advanced cyber threats. By deprecating weak cipher suites, we aim to:
- Enhance Security: Protect against potential vulnerabilities that could be exploited by attackers.
- Maintain Compliance: Align with industry standards and regulatory requirements that mandate the use of strong encryption methods.
- Improve Performance: Stronger cipher suites can lead to more efficient and secure connections.
How Will This Affect You?
Starting January 31, 2025, any connections to Qualys public-facing product URLs that attempt to use deprecated weak cipher suites will be denied. This change may require you to update your systems and applications to ensure they support stronger, approved cipher suites.
Recommended Actions
- Qualys Login
- Ensure you are using a modern and up-to-date web browser
- Qualys API
- Ensure you are using a modern and up-to-date operating system that supports at least one of the following:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- Ensure you are using a modern and up-to-date operating system that supports at least one of the following:
- Scanner
- No action needed as Scanner is using a strong cipher suite
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- No action needed as Scanner is using a strong cipher suite
- Cloud Agent
- Ensure the operating system in which the Cloud Agent is installed has at least one of the following strong cipher suites
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- Qualys will email the primary contact for each subscription with impacted agents no later than September 30, 2024
- Customers can also leverage Information Gathered QID 45651 Strong Cipher Suites Missing to discover impacted assets.
- Ensure the operating system in which the Cloud Agent is installed has at least one of the following strong cipher suites
- Qualys Gateway Service
- No action needed as QGS is using a strong cipher suite
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- No action needed as QGS is using a strong cipher suite
- Container Security Sensor
- No action needed as QGS is using a strong cipher suite
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- No action needed as QGS is using a strong cipher suite
TLS 1.3
TLS 1.3 represents a significant advancement in secure internet communication protocols, offering enhanced performance, stronger encryption, and improved security features compared to its predecessors. At Qualys, we recognize the importance of adopting the latest standards to safeguard our customers’ data. While some of our URLs already support TLS 1.3, we are committed to enabling it across all product URLs by end of 2024. This upgrade will not only ensure faster and more secure connections but also align with industry best practices, providing our users with the highest level of protection against modern cyber threats
Commitment to Security
Deprecating weak cipher suites is part of our ongoing commitment to providing secure and reliable services to our customers. We appreciate your understanding and cooperation in making this necessary change
If you have any questions about the cipher suites being deprecated, please connect with your TAM or contact support