nanog mailing list archives

Deprecation of outdated crypto support (was: Fwd: [arin-announce] Changes Coming to Cryptographic Features Across ARIN Services)

From: John Curran <jcurran () arin net>
Date: Thu, 1 Aug 2024 18:55:50 +0000

NANOGers -

Note the planned depreciation of outdated cryptographic support for ARIN services in February 2025, as per the attached 
announcement.

While this may seem to be quite some time away, please take a moment to note the upcoming change with your IT/devops 
folks just in case.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Begin forwarded message:

From: ARIN <info () arin net>
Subject: [arin-announce] Changes Coming to Cryptographic Features Across ARIN Services
Date: August 1, 2024 at 2:37:57 PM AST
To: "arin-announce () arin net" <arin-announce () arin net>

As of 3 February 2025, ARIN Will Only Support TLS 1.2 and TLS 1.3 Cryptographic Features Across All ARIN Services.

Historically, ARIN has allowed the use of a wide range of Secure Socket Layer (SSL) and Transport Layer Security (TLS) 
algorithms to enable secure, encrypted communication between our customers and services. Currently, ARIN supports TLS 
1.2 and TLS 1.3 as well as a subset of the stronger algorithms within TLS 1.0, TLS 1.1, and SSLv3 specifications for 
publicly available services such as ARIN.net<http://arin.net/> mail, Whois Restful Web Service (Whois-RWS), Registry 
Data Access Protocol (RDAP), ftp://ftp.arin.net<ftp://ftp.arin.net/>, and Resource Public Key Infrastructure Repository 
Data Protocol (RRDP). The remainder of ARIN services, including the ARIN website and Registration RESTful Web Service 
(Reg-RWS), only support TLS 1.2 and TLS 1.3.

ARIN will deprecate the outdated versions of SSL and TLS on 3 February 2025 and begin only using TLS 1.2 and TLS 1.3 
protocols across all our services. We are providing six months’ notice of this change to allow customers to ensure that 
all applicable software supports TLS 1.2 and TLS 1.3 protocols to avoid losing connectivity to ARIN services. 

In the future, ARIN may more regularly update cipher suite and algorithm support within our published supported 
protocols to align with requirements from internal and external audits, security certifications, and community feedback.

Regards,

American Registry for Internet Numbers (ARIN)

_______________________________________________
ARIN-Announce

Current thread:

Deprecation of outdated crypto support (was: Fwd: [arin-announce] Changes Coming to Cryptographic Features Across ARIN Services) John Curran (Aug 01)