Skip to main content
Trust Center

Deprecation of TLS 1.2 Ciphers

06/24/2026

As part of Docusign's commitment to maintaining the highest security standards, we are entering the final phase of our TLS 1.2 weak cipher deprecation. Following the initial removal of weak ciphers in February 2023, Docusign will discontinue support for the remaining two weak AES CBC ciphers on June 25th.

Impacted Ciphers

Effective June 25th, the following cipher suites will no longer be supported by Docusign APIs and endpoints:

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

    • OpenSSL name - ECDHE-RSA-AES256-SHA384

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

    • OpenSSL name - ECDHE-RSA-AES256-SHA

Action Required

Customers must ensure their integrations, client applications, and third-party connectors are updated to support modern, secure cipher suites before June 25th.

  1. Review Custom Integrations: If you maintain a custom-built integration, ensure your server or client configuration is not hardcoded to exclusively use the impacted ciphers.

  2. Check Third-Party Vendors: If you use a third-party connector to connect to Docusign, please verify with your vendor that their solution supports modern TLS 1.2 or TLS 1.3 ciphers.

Please contact Docusign Support if you have any questions or concerns