Did KEAP just disable TLS1.2 causing API Failures?

What happened was that during the migration of our API Proxy earlier this year, we inadvertently loosened our TLS restrictions. This was found during our PCI audit last week. We applied a more restrictive policy on the load balancer that returned it to the previous restrictions, with the addition of disabling a few additional ciphers that are considered to be weak according to modern standards.


We received a few reports that those ciphers were being used by a few developers, and their HTTP clients didn’t support the more modern ciphers. We checked with our security people if we could re-enable these 4 ciphers and still be compliant. Once we got the go-ahead, we re-enabled these 4. It is highly likely we will turn them off again once we give some additional time for the few clients that reported issues to update their HTTP clients. The TLS version has been 1.2+ for some time, like @Pav mentioned, minus the last few months due to the accidental regression.
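
For API integrators affected by the change described in the post above, a client-side check of which cipher suites the local TLS stack offers. This is an added example, not code from the post or from Keap. The post does not name the ciphers involved, so the "modern" rule used here (forward-secret key exchange plus an AEAD cipher) is an assumption, and all function names are hypothetical.

```python
import ssl

# Assumption (not from the post): a TLS 1.2 suite counts as "modern" when it
# combines forward-secret key exchange with an AEAD cipher.
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")
FS_KEY_EXCHANGES = ("ECDHE", "DHE")


def classify(name, protocol=""):
    """Return 'tls1.3', 'modern' or 'legacy' for an OpenSSL cipher name."""
    if protocol == "TLSv1.3" or name.startswith("TLS_"):
        return "tls1.3"
    forward_secret = name.split("-")[0] in FS_KEY_EXCHANGES
    aead = any(marker in name for marker in AEAD_MARKERS)
    return "modern" if (forward_secret and aead) else "legacy"


def summarize(ciphers):
    """Group cipher dicts (as returned by SSLContext.get_ciphers()) by class."""
    buckets = {"tls1.3": [], "modern": [], "legacy": []}
    for cipher in ciphers:
        kind = classify(cipher["name"], cipher.get("protocol", ""))
        buckets[kind].append(cipher["name"])
    return buckets


def has_modern_suite(ciphers):
    """True if the client can still negotiate after legacy suites are dropped."""
    buckets = summarize(ciphers)
    return bool(buckets["tls1.3"] or buckets["modern"])


def local_client_ciphers():
    """Suites this Python/OpenSSL build offers with a TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx.get_ciphers()


if __name__ == "__main__":
    offered = local_client_ciphers()
    for kind, names in summarize(offered).items():
        print(f"{kind:7} {len(names):3}  {', '.join(names[:4])}")
    print("usable after server-side hardening:", has_modern_suite(offered))
```

A client whose list contains only `legacy` entries is the kind that breaks when a server stops accepting older suites; upgrading the HTTP client or its TLS library is the fix on the integrator's side.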