Cloud SWG: PFMS SSL Cipher Maintenance - Action Required

Friday, 29 September 14 minutes
Complete
Complete

The maintenance is now complete. Thanks for your patience.

Underway

The scheduled maintenance is now underway. We'll keep you updated on our progress.

Scheduled

On September 29, 2023, Broadcom will end-of-life a group of SSL ciphers used by the Cloud SWG PAC File Management System (PFMS). SSL ciphers are cryptographic algorithms used to secure data in motion between clients and websites. The SSL ciphers being removed are no longer considered effective. Removing antiquated ciphers is a standard platform management task that we conduct on an as-needed basis. Deprecating antiquated SSL ciphers helps to ensure that your data in motion remains private.

The following ciphers will remain active following this action. Make sure that at least one is supported in your client environments:

  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Impact

The vast majority of users will not be impacted because they use modern browsers and operating systems that leverage effective SSL cipher suites. However, it is possible that some legacy browsers or operating systems will be unable to connect to PFMS after this change, including these:

  • Internet Explorer 11 and earlier, which includes and any Windows version that relies on IE11 for web requests (Windows 7, Windows 8.1, & Windows Phone 8.1)
  • macOS 10.10 and earlier

Required Action

Upgrade any affected clients to a browser/OS that supports one or more of the ciphers above, before September 29, 2023.

Support

Questions? Contact technical support by visiting: https://support.broadcom.com/security. For service status and maintenance updates visit and subscribe to Broadcom Service Status: https://status.broadcom.com.

Began at:

Affected components
  • Cloud Secure Web Gateway
    • Point of Presence (POP) - Americas
      • Buenos Aires, Argentina (GARBA)
      • Columbia, South Carolina (GUSCO)
      • Dallas, Texas (GUSDA)
      • Des Moines, Iowa (GUSDM)
      • Las Vegas, Nevada (GUSLV)
      • Los Angeles, California (GUSLA)
      • Mexico City, Mexico (GMXMC)
      • Montreal, Canada (GCAMO)
      • Portland, Oregon (GUSPO)
      • Sao Paulo, Brazil (GBRSP)
      • Toronto, Canada (GCATO)
      • Washington, DC (GUSAS)
      • Bogota, Colombia (GCOBO)
    • Point of Presence (POP) - APAC
      • Auckland, New Zealand (GNZAU)
      • Bangkok, Thailand (GTHBA)
      • Beijing, China (ACNBJ)
      • Delhi, India (GINDE)
      • Hanoi, Vietnam (GVNHA)
      • Hong Kong (GCNHK)
      • Islamabad, Pakistan (GPKIS)
      • Jakarta, Indonesia (GIDJK)
      • Kuala Lumpur, Malaysia (GMYKL)
      • Manila, Philippines (GPHMA)
      • Melbourne, Australia (GAUME)
      • Mumbai, India (GINMU)
      • Osaka, Japan (GJPOS)
      • Seoul, South Korea (GKRSE)
      • Shanghai, China (ACNSH)
      • Singapore (GSGRS)
      • Sydney, Australia (GAUSY)
      • Taipei, Taiwan (GTWTA)
      • Tokyo, Japan (GJPTK)
    • Point of Presence (POP) - Europe And The Middle East
      • Abu Dhabi, UAE (GAEAD)
      • Amsterdam, the Netherlands (GNLAM)
      • Ankara, Turkey (GTRAN)
      • Athens, Greece (GGRAT)
      • Brussels, Belgium (GBEBR)
      • Bucharest, Romania (GROBU)
      • Copenhagen, Denmark (GDKCP)
      • Dover, England (GGBDO)
      • Dubai, UAE (GAEDX)
      • Dublin, Ireland (GIEDU)
      • Frankfurt, Germany (GDEFR)
      • Helsinki, Finland (GFIHE)
      • Lisbon, Portugal (GPTLI)
      • London, England (GGBLO)
      • Madrid, Spain (GESTO) ( Previously Madrid, Spain (GESMA))
      • Manama, Bahrain (GBHMA)
      • Milan, Italy (GITMI)
      • Milan, Italy (GITMO)
      • Nicosia, Cyprus (GCYNI)
      • Oslo, Norway (GNOOS)
      • Paris, France (GFRPA) / Paris, France (GFRVE)
      • Riyadh, Saudi Arabia (GSARI)
      • Stockholm, Sweden (GSESK)
      • Tel Aviv, Israel (GILTA)
      • Valletta, Malta (GMTVA)
      • Vienna, Austria (GATVI)
      • Warsaw, Poland (GPOWA)
      • Zurich, Switzerland (GCHZU)
      • Ljubljana, Slovenia (GSILJ)
      • Zagreb, Croatia (GHRZA)
      • Belgrade, Serbia (GSRBE)
      • Tallinn, Estonia (GEETA1)
      • Vilnius, Lithuania(GLTVI)
      • Riga, Latvia (GLVRI)
      • Dammam, Saudi Arabia (GSADA)
    • Point of Presence (POP) - Africa
      • Johannesburg, South Africa GZASO (Previously Johannesburg GZAJB)
    • Portal & Reporting
      • PAC File Management System (PFMS)