Covisint Corporation | One Campus M

Covisint Corporation | One Campus Martius | Detroit, MI 48226 | p 313 227 7000 | covisint.com
January 2015
Transitioning to SHA-256 and other Covisint Secure Protocol Changes
SHA-2 consists of a family of cryptographic hashing algorithms developed by NIST (National Institute of Standards and Technology) to replace the aging SHA-1 hashing algorithm which has been proven to have mathematical weaknesses.
SHA-256
Covisint, in our role as your security partner, supports the deprecation of SHA-1 and the transition to SHA-256, the most widely supported of the SHA-2 hashing algorithms. In the coming months, Covisint will no longer be accepting certificates using SHA-1, and will be working closely with all customers to ensure a seamless transition.
SSL v3.0
In response to the recent vulnerabilities, and the widely published exploits, Covisint will no longer be supporting SSL v.3.0. Covisint recommends customers migrate clients and services to more secure security protocols, such as TLS 1.0, TLS 1.1, or TLS 1.2.
TLS (Transport Layer Security)
Covisint will be disabling ciphers deemed to be weak, and while continuing to support TLS 1.0, 1.1, and 1.2; if your user agent supports multiple TLS versions, Covisint will set preference to the most recent.
Known issues with compatibility
Most applications, servers and browsers now support SHA-256, however some older operating systems such as Windows XP prior to Service Pack 3, and some mobile devices do not. Before the SHA-1 algorithm is formally deprecated by Microsoft, it is important to ensure your organization and those relying on your infrastructure are benefiting from SHA-256 support by installing the latest version of the application or browser and applying all known security updates to your operating system.
Covisint is tracking the status within the CA and Browser industry as well as within security forms and will keep our customers up to date on any milestone changes, or on credible advances that could negatively impact our customers.