AssureSign Customer Security Information Regarding RC4 Cipher Support for TLS (HTTPS) Communication

Last updated 2016-08-02 19:07:50 UTC

As part of our ongoing initiative to safeguard customer data, we will be removing support for the RC4 cipher for TLS (HTTPS) communication with AssureSign. The RC4 cipher was originally designed all the way back in 1987 and over time became widely used in TLS communication (such as that between a browser and a web server) due to its speed and simplicity. However, an increasing number of weaknesses have been found with RC4 that has resulted in it being gradually phased out by both web servers and browsers. Most applications and browsers support a number of ciphers by default (many of which are considered more secure than RC4), so this change should not impact most users.

Support for the RC4 cipher will be dropped from production AssureSign SaaS environments starting with our upcoming Version 5.10 rollout (June 10/11th 2015). Do note that all major current browsers support more current ciphers than RC4, and many have already dropped RC4 cipher support. While we do not anticipate any impact on the vast majority of our user base, any clients utilizing custom SSL proxies or custom integration from older server environments such as Java 1.6 should review their systems to ensure RC4 cipher support is not required for TLS (HTTPS) communication with AssureSign. In addition, we would suggest that any clients still accessing AssureSign via older browser deployments of IE8 on Windows XP also verify that this change will not have an impact on their users.

In advance of the implementation of this change in our production SaaS environments with the 5.10 rollout, RC4 cipher support will be dropped for our sandbox SaaS environment on Friday, May 29th, 2015 @ 7am EST.

Please contact if you have any further questions regarding this modification.