What happened was during the migration of our API Proxy earlier this year we inadvertently loosened our TLS restrictions. This was found during our PCI audit last week. We applied a more restrictive policy on the load balancer that returned it to the previous restrictions with the addition of disabling a few additional ciphers that are considered to be weak according to modern standards.
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
We received a few reports that those ciphers were being used by a few developers, and their http clients didn’t support the more modern ciphers. We checked with our security people if we could re-enable these 4 ciphers and still be compliant. Once we got the go ahead we re-enabled these 4. It is highly likely we turn them off again once we give some additional time for the few clients that reported issues to update their http clients. The TLS version has been 1.2+ for some time like @Pav mentioned minus the last few months due to the accidental regression.