Back
New article

Transport layer security (TLS) versions and supported cipher suites

Overview

Transport layer security (TLS) is the protocol used to secure data exchanged between your systems and the Blue platform. TLS provides the following protections:

  • Encryption: hides the data being transferred from third parties.
  • Authentication: ensures that the parties exchanging information are who they claim to be.
  • Integrity: verifies that the data has not been forged or tampered with.

To ensure strong, modern security, the Blue platform supports only current TLS versions and hardened cipher suites.

Supported TLS versions

The Blue platform supports:

  • TLS 1.2
  • TLS 1.3

All inbound and outbound connections to platform services must use TLS 1.2 or TLS 1.3.

Legacy protocols (for example, TLS 1.0 or TLS 1.1) are not supported.

Supported cipher suites

Cipher suites define how encryption, key exchange, and integrity validation are performed during a TLS session. Only secure, industry-recommended cipher suites are accepted.

TLS 1.2

The following cipher suites are supported:

  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-RSA-CHACHA20-POLY1305
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES256-CCM8
  • ECDHE-ECDSA-AES256-CCM

TLS 1.3

The following cipher suites are supported:

  • AES_256_GCM_SHA384
  • AES_128_GCM_SHA256

Legacy or weak ciphers, including those using outdated key exchange mechanisms or insufficient encryption strength, are not accepted.

What this means for your environment

Most modern browsers and up-to-date operating systems already use TLS 1.2 or TLS 1.3 by default. Standard web access to the platform typically requires no changes.

You should review any system-to-system integrations, including:

  • DataSync tool deployments
  • Custom API integrations
  • Integrations built on legacy applications or older frameworks

These integrations may rely on out-dated TLS libraries or unsupported cipher configurations. Systems that do not support TLS 1.2+ and the listed cipher suites will not be able to establish secure connections.

  1. Confirm that your enabled cipher suites include at least one of the supported options listed above.
  2. Update or replace legacy components that depend on deprecated TLS versions or weak ciphers.

Frequently asked questions (FAQs)

The following questions address common concerns about the upcoming TLS update and how it may or may not affect your current workflows and integrations with Explorance systems.

Question:

  • We are sending files to your server using SFTP, is this affected?

Answer:

  • No. This update applies only to TLS/HTTPS traffic (such as web browsers and API calls). It does not affect SFTP connections on Port 22, because SFTP uses the SSH protocol rather than TLS. Your current file‑transfer process will continue to work as usual after May 13, 2026.

Note: If your organization uses the Explorance DataSyncTool or any APIs to trigger processing after files are uploaded, those tools do communicate over HTTPS and must support the updated TLS standards. If your workflow relies solely on SFTP for file transfer, no changes are required.

Question:

  • How can I check which TLS cipher suites my server is using?

Answer:

  • To ensure your server is compatible with the updated TLS requirements, you may need to verify which cipher suites are currently enabled. This is particularly important if your organization manages its own servers or infrastructure that connects to Explorance systems, as unsupported cipher suites could result in connection failures after May 13, 2026.
  • Microsoft provides a PowerShell cmdlet, Get-TlsCipherSuite, that lets you view the cipher suites enabled on your Windows Server. You can access the official Microsoft documentation here.

Ongoing security posture

Cipher suite support is aligned with current industry best practices and may evolve as cryptographic standards change. The platform maintains a hardened, security-focused configuration to protect data in transit.

For assistance with compatibility validation or integration testing, contact support@explorance.com.

Copyright © 2026

Explorance Inc. All rights reserved.