ORCID TLS Cipher Suite Updates

12 views

Skip to first unread message

Will Simpson

unread,

May 8, 2026, 7:40:28 AM (6 days ago) May 8

to ORCID API Users

Hello,

As part of our ongoing effort to strengthen the security of our platform, we will be updating the TLS cipher suites used on sandbox.orcid.org / orcid.org, including the Public and Member APIs.

Date for sandbox: Monday, May 11, 2026

Date for production:Tuesday, May 26, 2026

The following outdated cipher suites will be removed:

AES128-GCM-SHA256

AES128-SHA256

AES256-GCM-SHA384

AES256-SHA256

ECDHE-ECDSA-AES128-SHA

ECDHE-RSA-AES128-SHA

AES128-SHA

ECDHE-RSA-AES256-SHA

AES256-SHA

DES-CBC3-SHA

These will be replaced with the following modern cipher suites, aligned with current industry standards:

ECDHE-ECDSA-AES128-GCM-SHA256

ECDHE-ECDSA-CHACHA20-POLY1305

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-CHACHA20-POLY1305

ECDHE-ECDSA-AES256-GCM-SHA384

ECDHE-RSA-AES256-GCM-SHA384

What this means for you:

Modern browsers and API clients are fully compatible with these ciphers.

No action is required on your part unless you are using very old software that does not support TLS 1.2 with modern ciphers.

If you experience any connectivity issues after this change please reply to this thread, or contact our Member Support at member...@orcid.org.

Thank you for your understanding.

ORCID Security Team

Reply all

Reply to author

Forward

0 new messages