Deprecating Weak Cipher Suites Across All Public-Facing Product URLs

Spencer Brown

Last updated on: September 4, 2024

Strengthening Security for Our Customers

At Qualys, your security is our top priority. To ensure we continue providing the highest level of protection, we are making an important update to our security protocols. Effective January 31, 2025, we will be deprecating weak cipher suites across all public-facing product URLs.

What Are Cipher Suites?

Cipher suites are a set of algorithms that help secure network connections that use SSL/TLS. They include key exchange algorithms, bulk encryption algorithms, and message authentication codes. The strength of a cipher suite is crucial for maintaining the confidentiality, integrity, and authenticity of your data as it travels over the internet.

What Cipher Suites Are Being Deprecated?

TLS 1.2

  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA

What Are All the Public-Facing Product URLs?

The following table includes the impacted URLs including http://pci.qualys.com 

PlatformPlatform URLAPI Server URLAPI Gateway URLCloud Agent and Qualys CDN URLsContainer Security Server URLQualys Gateway ServiceScanner URLs
US1https://qualysguard.qualys.com/https://qualysapi.qualys.comhttps://gateway.qg1.apps.qualys.comhttps://qagpublic.qg1.apps.qualys.com, https://cask.qg1.apps.qualys.comhttps://cmsqagpublic.qg1.apps.qualys.com/ContainerSensorhttps://camspublic.qg1.apps.qualys.com, https://camspm.qg1.apps.qualys.com, https://camsrepo.qg1.apps.qualys.com, https://qg1.apps.qualys.comhttps://qgadmin.qualys.com, https://distribution.qualys.com, https://monitoring.qualys.com, https://scanservice1.qualys.com
US2https://qualysguard.qg2.apps.qualys.com/https://qualysapi.qg2.apps.qualys.comhttps://gateway.qg2.apps.qualys.comhttps://qagpublic.qg2.apps.qualys.com, https://cask.qg2.apps.qualys.comhttps://cmsqagpublic.qg2.apps.qualys.com/ContainerSensorhttps://camspublic.qg2.apps.qualys.com, https://camspm.qg2.apps.qualys.com, https://camsrepo.qg2.apps.qualys.com, https://qg2.apps.qualys.comhttps://qgadmin.qg2.apps.qualys.com, https://distribution.qg2.apps.qualys.com, https://monitoring.qg2.apps.qualys.com, https://scanservice1.qg2.apps.qualys.com
US3https://qualysguard.qg3.apps.qualys.com/https://qualysapi.qg3.apps.qualys.comhttps://gateway.qg3.apps.qualys.comhttps://qagpublic.qg3.apps.qualys.com, https://cask.qg3.apps.qualys.comhttps://cmsqagpublic.qg3.apps.qualys.com/ContainerSensorhttps://camspublic.qg3.apps.qualys.com, https://camspm.qg3.apps.qualys.com, https://camsrepo.qg3.apps.qualys.com, https://qg3.apps.qualys.comhttps://qgadmin.qg3.apps.qualys.com, https://distribution.qg3.apps.qualys.com, https://monitoring.qg3.apps.qualys.com, https://scanservice1.qg3.apps.qualys.com
US4https://qualysguard.qg4.apps.qualys.com/https://qualysapi.qg4.apps.qualys.comhttps://gateway.qg4.apps.qualys.comhttps://qagpublic.qg4.apps.qualys.com, https://cask.qg4.apps.qualys.comhttps://cmsqagpublic.qg4.apps.qualys.com/ContainerSensorhttps://camspublic.qg4.apps.qualys.com, https://camspm.qg4.apps.qualys.com, https://camsrepo.qg4.apps.qualys.com, https://qg4.apps.qualys.comhttps://qgadmin.qg4.apps.qualys.com, https://distribution.qg4.apps.qualys.com, https://monitoring.qg4.apps.qualys.com, https://scanservice1.qg4.apps.qualys.com
EU1https://qualysguard.qualys.eu/https://qualysapi.qualys.euhttps://gateway.qg1.apps.qualys.euhttps://qagpublic.qg1.apps.qualys.eu, https://cask.qg1.apps.qualys.euhttps://cmsqagpublic.qg1.apps.qualys.eu/ContainerSensorhttps://camspublic.qg1.apps.qualys.eu, https://camspm.qg1.apps.qualys.eu, https://camsrepo.qg1.apps.qualys.eu, https://qg1.apps.qualys.euhttps://qgadmin.qualys.eu, https://distribution.qualys.eu, https://monitoring.qualys.eu, https://scanservice1.qualys.eu
EU2https://qualysguard.qg2.apps.qualys.eu/https://qualysapi.qg2.apps.qualys.euhttps://gateway.qg2.apps.qualys.euhttps://qagpublic.qg2.apps.qualys.eu, https://cask.qg2.apps.qualys.euhttps://cmsqagpublic.qg2.apps.qualys.eu/ContainerSensorhttps://camspublic.qg2.apps.qualys.eu, https://camspm.qg2.apps.qualys.eu, https://camsrepo.qg2.apps.qualys.eu, https://qg2.apps.qualys.euhttps://qgadmin.qg2.apps.qualys.eu, https://distribution.qg2.apps.qualys.eu, https://monitoring.qg2.apps.qualys.eu, https://scanservice1.qg2.apps.qualys.eu
EU3https://qualysguard.qg3.apps.qualys.ithttps://qualysapi.qg3.apps.qualys.ithttps://gateway.qg3.apps.qualys.ithttps://qagpublic.qg3.apps.qualys.it, https://cask.qg3.apps.qualys.ithttps://cmsqagpublic.qg3.apps.qualys.it/ContainerSensorhttps://camspublic.qg3.apps.qualys.it, https://camspm.qg3.apps.qualys.it, https://camsrepo.qg3.apps.qualys.it, https://qg3.apps.qualys.ithttps://qgadmin.qg3.apps.qualys.it, https://distribution.qg3.apps.qualys.it, https://monitoring.qg3.apps.qualys.it, https://scanservice1.qg3.apps.qualys.it
IN1https://qualysguard.qg1.apps.qualys.inhttps://qualysapi.qg1.apps.qualys.inhttps://gateway.qg1.apps.qualys.inhttps://qagpublic.qg1.apps.qualys.in, https://cask.qg1.apps.qualys.inhttps://cmsqagpublic.qg1.apps.qualys.in/ContainerSensorhttps://camspublic.qg1.apps.qualys.in, https://camspm.qg1.apps.qualys.in, https://camsrepo.qg1.apps.qualys.in, https://qg1.apps.qualys.inhttps://qgadmin.qg1.apps.qualys.in, https://distribution.qg1.apps.qualys.in, https://monitoring.qg1.apps.qualys.in, https://scanservice1.qg1.apps.qualys.in
CA1https://qualysguard.qg1.apps.qualys.cahttps://qualysapi.qg1.apps.qualys.cahttps://gateway.qg1.apps.qualys.cahttps://qagpublic.qg1.apps.qualys.ca, https://cask.qg1.apps.qualys.cahttps://cmsqagpublic.qg1.apps.qualys.ca/ContainerSensorhttps://camspublic.qg1.apps.qualys.ca, https://camspm.qg1.apps.qualys.ca, https://camsrepo.qg1.apps.qualys.ca, https://qg1.apps.qualys.cahttps://qgadmin.qg1.apps.qualys.ca, https://distribution.qg1.apps.qualys.ca, https://monitoring.qg1.apps.qualys.ca, https://scanservice1.qg1.apps.qualys.ca
AE1https://qualysguard.qg1.apps.qualys.aehttps://qualysapi.qg1.apps.qualys.aehttps://gateway.qg1.apps.qualys.aehttps://qagpublic.qg1.apps.qualys.ae, https://cask.qg1.apps.qualys.aehttps://cmsqagpublic.qg1.apps.qualys.ae/ContainerSensorhttps://camspublic.qg1.apps.qualys.ae, https://camspm.qg1.apps.qualys.ae, https://camsrepo.qg1.apps.qualys.ae, https://qg1.apps.qualys.aehttps://qgadmin.qg1.apps.qualys.ae, https://distribution.qg1.apps.qualys.ae, https://monitoring.qg1.apps.qualys.ae, https://scanservice1.qg1.apps.qualys.ae
UK1https://qualysguard.qg1.apps.qualys.co.ukhttps://qualysapi.qg1.apps.qualys.co.ukhttps://gateway.qg1.apps.qualys.co.ukhttps://qagpublic.qg1.apps.qualys.co.uk, https://cask.qg1.apps.qualys.co.ukhttps://cmsqagpublic.qg1.apps.qualys.co.uk/ContainerSensorhttps://camspublic.qg1.apps.qualys.co.uk, https://camspm.qg1.apps.qualys.co.uk, https://camsrepo.qg1.apps.qualys.co.uk, https://qg1.apps.qualys.co.ukhttps://qgadmin.qg1.apps.qualys.co.uk, https://distribution.qg1.apps.qualys.co.uk, https://monitoring.qg1.apps.qualys.co.uk, https://scanservice1.qg1.apps.qualys.co.uk
AU1https://qualysguard.qg1.apps.qualys.com.auhttps://qualysapi.qg1.apps.qualys.com.auhttps://gateway.qg1.apps.qualys.com.auhttps://qagpublic.qg1.apps.qualys.com.au, https://cask.qg1.apps.qualys.com.auhttps://cmsqagpublic.qg1.apps.qualys.com.au/ContainerSensorhttps://camspublic.qg1.apps.qualys.com.au, https://camspm.qg1.apps.qualys.com.au, https://camsrepo.qg1.apps.qualys.com.au, https://qg1.apps.qualys.com.auhttps://qgadmin.qg1.apps.qualys.com.au, https://distribution.qg1.apps.qualys.com.au, https://monitoring.qg1.apps.qualys.com.au, https://scanservice1.qg1.apps.qualys.com.au
KSA1https://qualysguard.qg1.apps.qualysksa.com/https://qualysapi.qg1.apps.qualysksa.comhttps://gateway.qg1.apps.qualysksa.comhttps://qagpublic.qg1.apps.qualysksa.com, https://cask.qg1.apps.qualysksa.comhttps://cmsqagpublic.qg1.apps.qualysksa.com/ContainerSensorhttps://camspublic.qg1.apps.qualysksa.com, https://camspm.qg1.apps.qualysksa.com, https://camsrepo.qg1.apps.qualysksa.com, https://qg1.apps.qualysksa.comhttps://qgadmin.qg1.apps.qualysksa.com, https://distribution.qg1.apps.qualysksa.com, https://monitoring.qg1.apps.qualysksa.com, https://scanservice1.qg1.apps.qualysksa.com

Why Are We Deprecating Weak Cipher Suites?

Over time, some cipher suites become vulnerable to advanced cyber threats. By deprecating weak cipher suites, we aim to:

  • Enhance Security: Protect against potential vulnerabilities that could be exploited by attackers.
  • Maintain Compliance: Align with industry standards and regulatory requirements that mandate the use of strong encryption methods.
  • Improve Performance: Stronger cipher suites can lead to more efficient and secure connections.

How Will This Affect You?

Starting January 31, 2025, any connections to Qualys public-facing product URLs that attempt to use deprecated weak cipher suites will be denied. This change may require you to update your systems and applications to ensure they support stronger, approved cipher suites.

  • Qualys Login
    • Ensure you are using a modern and up-to-date web browser
  • Qualys API
    • Ensure you are using a modern and up-to-date operating system that supports at least one of the following:
      • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • Scanner
    • No action needed as Scanner is using a strong cipher suite
      • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • Cloud Agent
    • Ensure the operating system in which the Cloud Agent is installed has at least one of the following strong cipher suites
      • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    • Qualys will email the primary contact for each subscription with impacted agents no later than September 30, 2024
    • Customers can also leverage Information Gathered QID 45651 Strong Cipher Suites Missing to discover impacted assets.
  • Qualys Gateway Service
    • No action needed as QGS is using a strong cipher suite
      • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • Container Security Sensor
    • No action needed as QGS is using a strong cipher suite
      • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS 1.3

TLS 1.3 represents a significant advancement in secure internet communication protocols, offering enhanced performance, stronger encryption, and improved security features compared to its predecessors. At Qualys, we recognize the importance of adopting the latest standards to safeguard our customers’ data. While some of our URLs already support TLS 1.3, we are committed to enabling it across all product URLs by end of 2024. This upgrade will not only ensure faster and more secure connections but also align with industry best practices, providing our users with the highest level of protection against modern cyber threats

Commitment to Security

Deprecating weak cipher suites is part of our ongoing commitment to providing secure and reliable services to our customers. We appreciate your understanding and cooperation in making this necessary change

If you have any questions about the cipher suites being deprecated, please connect with your TAM or contact support

Share your Comments

Comments

Your email address will not be published. Required fields are marked *