Minimum cipher suites
Cipher suite compliance
After 3:00 p.m. UK time on Friday 10 December 2021, ONLY the following cipher suites will be accepted over TLS 1.2 or 1.3 from local user directory connections:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
I’m not sure how our local user directory is connected to OpenAthens
Log into the OpenAthens administration dashboard and go to Management > Connections. This is where the link from your organisation’s user directory to the OpenAthens service is managed. The team which manages the user directory listed there needs to review this advisory.
Further reading
Microsoft: Managing SSL/TLS Protocols and Cipher Suites for AD FS
Changing PingFederate Cipher Suites
Okta: LDAP interface troubleshooting
Okta: Managing SSL/TLS termination
SSLCipherSuite Directive (where your local user directory uses Apache, e.g., SirsiDynix)