Update -
We will be undergoing scheduled maintenance during this time.
Oct 01, 2025 - 14:22 BST
Update -
We have changed the schedule for the removal of these ciphers. The work will now happen at 10am on 1 December 2025.
Sep 23, 2025 - 15:17 BST
Scheduled -
To maintain a highly secure and stable platform, we will be removing support for 2 outdated ciphers at 10am on 1 December 2025. This is an extension: the work was previously scheduled to happen on 30 September 2025.
We will be removing support for these TLS 1.2 ciphers on 1 December 2025:
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ECDHE-RSA-AES128-SHA256)
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ECDHE-RSA-AES256-SHA384)
To help services affected by this, we have already added an ECDSA certificate, which will also enable support for these TLS 1.2 ciphers:
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ECDHE-ECDSA-AES128-GCM-SHA256)
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ECDHE-ECDSA-AES256-GCM-SHA384)
This change introduced two further new weak TLS 1.2 ciphers that we will also remove on 1 December 2025:
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (ECDHE-ECDSA-AES128-SHA256)
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (ECDHE-ECDSA-AES256-SHA384)
A list of the changes:
TLS 1.2 ciphers that we support before 1 December 2025:
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ECDHE-RSA-AES128-SHA256)
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ECDHE-RSA-AES128-GCM-SHA256)
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ECDHE-RSA-AES256-SHA384)
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ECDHE-RSA-AES256-GCM-SHA384)
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ECDHE-ECDSA-AES128-GCM-SHA256)
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ECDHE-ECDSA-AES256-GCM-SHA384)
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (ECDHE-ECDSA-AES128-SHA256)
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (ECDHE-ECDSA-AES256-SHA384)
TLS 1.2 ciphers that we support after 1 December 2025:
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ECDHE-RSA-AES128-GCM-SHA256)
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ECDHE-RSA-AES256-GCM-SHA384)
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ECDHE-ECDSA-AES128-GCM-SHA256)
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ECDHE-ECDSA-AES256-GCM-SHA384)
We have directly contacted services affected by this change, and are encouraging the use of TLS 1.3 where possible.
This will be a permanent change and we will not be able to provide extensions to use these ciphers after November 2025.
If you have any questions about this change, please email us at govuk-pay-support@digital.cabinet-office.gov.uk
Jul 01, 2025 - 15:10 BST
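A client-side check for the change listed above, as an added example that is not part of the original notice or GOV.UK Pay's own code: it classifies the TLS 1.2 suites a client offers against the lists of suites kept and removed on 1 December 2025. The function names and the sample client are hypothetical, and the check covers TLS 1.2 only, since a TLS 1.3 handshake does not use any of these suites.

```python
import ssl

# OpenSSL names copied from the notice; everything else here is illustrative.
AFTER = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
]
REMOVED = [
    "ECDHE-RSA-AES128-SHA256",
    "ECDHE-RSA-AES256-SHA384",
    "ECDHE-ECDSA-AES128-SHA256",
    "ECDHE-ECDSA-AES256-SHA384",
]


def local_tls12_offer(cipher_string=None):
    """Suites below TLS 1.3 that the local OpenSSL offers for a cipher string."""
    ctx = ssl.create_default_context()
    if cipher_string:
        ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def assess(offer):
    """Classify a client's offered TLS 1.2 suites against the two lists."""
    usable_after = [c for c in offer if c in AFTER]
    offered_removed = [c for c in offer if c in REMOVED]
    if usable_after:
        status = "ok"          # at least one GCM suite survives the change
    elif offered_removed:
        status = "breaks"      # only the CBC suites being removed are in common
    else:
        status = "no-overlap"  # nothing in common with either list
    return {"status": status, "usable_after": usable_after,
            "offered_removed": offered_removed}


if __name__ == "__main__":
    # Constructed sample: a legacy client pinned to the CBC suites.
    legacy = ["ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-SHA256"]
    print("legacy client:", assess(legacy))
    print("this host    :", assess(local_tls12_offer()))
```

Pass `local_tls12_offer()` the same OpenSSL cipher string your HTTP client is configured with to assess that configuration rather than the Python defaults.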