- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Transport Layer Security (TLS) is a critical security protocol used to protect web traffic. It provides confidentiality and integrity of data in transit between clients and servers exchanging information. During the establishment of a TLS session, both parties agree on a cipher suite which dictates the cryptographic algorithms used to secure the communication.
As part of its ongoing commitment to the security and protection of its customer’s data, Datadog is rolling out a more modern cryptographic engine across its systems which imposes some changes to the configurations it can accept.
Beginning April 1st, 2024, Datadog disabled support for the following cipher suites across its public-facing applications. If you use unsupported clients to connect to Datadog after the older protocols are disabled, you will receive connection error messages.
Code | IANA Name |
---|---|
0xC0,0x27 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
0xC0,0x23 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
0xC0,0x28 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
0xC0,0x24 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
0x00,0x3C | TLS_RSA_WITH_AES_128_CBC_SHA256 |
0x00,0x3D | TLS_RSA_WITH_AES_256_CBC_SHA256 |
After this date, the following cipher suites will be accepted:
Code | IANA Name |
---|---|
0xC0,0x2B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
0xC0,0x2F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
0xC0,0x2C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
0xC0,0x30 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
0xCC,0xA9 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
0xCC,0xA8 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
0xC0,0x09 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
0xC0,0x13 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
0xC0,0x0A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
0xC0,0x14 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
0x00,0x9C | TLS_RSA_WITH_AES_128_GCM_SHA256 |
0x00,0x9D | TLS_RSA_WITH_AES_256_GCM_SHA384 |
0x00,0x2F | TLS_RSA_WITH_AES_128_CBC_SHA |
0x00,0x35 | TLS_RSA_WITH_AES_256_CBC_SHA |
0x13,0x01 | TLS_AES_128_GCM_SHA256 |
0x13,0x02 | TLS_AES_256_GCM_SHA384 |
0x13,0x03 | TLS_CHACHA20_POLY1305_SHA256 |
This change does not impact Datadog for Government site for which the accepted cipher suites remain the following:
Code | IANA Name |
---|---|
0xC0,0x2F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
0xC0,0x30 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
0xC0,0x2B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
0xC0,0x2C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
Datadog’s systems already require the use of TLS 1.2 and compatible clients will be able to negotiate other cipher suites. However, specific client-side configurations may alter this behavior. Use the client of your choice to connect to tls-config-test.datadoghq.com which is configured with the target ciphers, or use How’s my SSL? API to check the cipher suites it supports. For any additional questions, reach out to Datadog support.