Migration to new technical platform
      Back to home
      1. Manual
      2. Other - administration
      3. Migration to new technical platform

      Deprecating Weak TLS Cipher Suites and Updates to Public IP Address Pool

      Strengthening Security for Our Customers

      At Stratsys, your security is our top priority. To ensure we continue providing the highest level of protection, we are making an important update to our security protocols. Starting April 2025, we will be deprecating weak cipher suites across all public-facing product URLs and extending our public IP address pool with a new public IP address. These changes will enhance both the security and performance of our services, ensuring a more robust and reliable experience.

      What Are All the Public-Facing Product URLs?

      The following table includes the impacted URLs.

      Component Status URL

      app.stratsys.com

      		 To be started https://*.app.stratsys.com

      login.svc.stratsys.com

      		 To be started https://login.svc.stratsys.com

      developers.svc.stratsys.com

      		 Completed  
           

      Below are the key details regarding these updates:

      TLS Cipher Deprecation and Supported Ciphers


      As part of our commitment to enhancing security, we will be deprecating certain weak TLS ciphers and introducing stronger, more secure alternatives. The following ciphers will be supported going forward:

      Supported Ciphers:

      • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

      Deprecated Ciphers:

      The following ciphers will no longer be supported:

      • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
      • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
      • TLS_RSA_WITH_AES_256_GCM_SHA384
      • TLS_RSA_WITH_AES_128_GCM_SHA256
      • TLS_RSA_WITH_AES_256_CBC_SHA256
      • TLS_RSA_WITH_AES_128_CBC_SHA256
      • TLS_RSA_WITH_AES_256_CBC_SHA
      • TLS_RSA_WITH_AES_128_CBC_SHA

      IP Address Pool Extension


      We are extending our public (inbound) IP address pool. The expanded pool will include the following new IP Address:

      • 217.28.207.251

      Complete IP Address Pool:

      The entire updated (inbound) IP address pool now includes:

      • 217.28.206.122
      • 217.28.206.151
      • 217.28.207.251

      Please ensure that any network configurations (firewalls etc.) are updated to accommodate this new Public IP Address change.

      TLS 1.3

      We are extending our support for TLS 1.3 to more of our public facing product URLs.

      By extending our support for TLS 1.3, we are ensuring that your connections with our services remain secure, efficient, and in line with the latest industry standards. Please verify that your systems are configured to support TLS 1.3 for the best possible performance and security.

      How Will This Affect You?

      Starting April 2025, any connections to Stratsys public-facing product URLs that attempt to use deprecated weak cipher suites will be denied. This change may require you to update your systems and applications to ensure they support stronger, approved cipher suites.

      Recommended Actions

      • Ensure your users are using a modern and up-to-date web browser
      • Verify that the new IP address that will be introduced is whitelisted in firewall (if applicable)
      • Ensure your servers are using a modern and up-to-date operating system that supports at least one of the following cipher suites:
          • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
          • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
          • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256