SHR Group TLS Support and Cipher Suites

Starting in 2024, SHR Group will begin limiting TLS connections to and from our infrastructure to TLS 1.2 and TLS 1.3 with known secure cipher suites. This will help ensure compliance with PCI-DSS version 4.0 and safeguard your guest payment and personal data. The table below shows which versions and cipher suites are supported, and which are End of Life (EOL).

To support these changes, it may be necessary for the customer to upgrade existing software and equipment. If upgrades are not possible, it may be acceptable to install a proxy server inside the customer Cardholder Data Environment (CDE) to provide a secure gateway for communication. The customer should consult their PCI auditor for approval.

End of Life cipher suites will no longer be accepted beginning March 1, 2024. Please contact Support to apply for a limited-time extension if required.

| Version | Cipher Suite | Supported |
|---------|--------------|-----------|
| TLS 1.3 | TLS_AES_128_GCM_SHA256 (0x1301) | Yes |
| TLS 1.3 | TLS_AES_256_GCM_SHA384 (0x1302) | Yes |
| TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 (0x1303) | Yes |
| TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) | Yes |
| TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) | Yes |
| TLS 1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) | Yes |
| TLS 1.2 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) | Yes |
| TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) | Yes |
| TLS 1.2 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa) | Yes |
| TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) | EOL |
| TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) | EOL |
| TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) | EOL |
| TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) | EOL |
| TLS 1.2 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) | EOL |
| TLS 1.2 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) | EOL |
| TLS 1.2 | TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) | EOL |
| TLS 1.2 | TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) | EOL |
| TLS 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) | EOL |
| TLS 1.2 | TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) | EOL |
| TLS 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) | EOL |
| TLS 1.2 | TLS_RSA_WITH_AES_256_CBC_SHA (0x35) | EOL |
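
To check a client ahead of the cutoff, the following added example (not SHR Group code) audits the suites a Python/OpenSSL client would offer against the table above and builds a client context restricted to the supported set. The function names are hypothetical, and the OpenSSL cipher names are the standard OpenSSL equivalents of the listed IANA names.

```python
import ssl

# Cipher suite IDs copied from the table on this page.
SUPPORTED = {0x1301, 0x1302, 0x1303, 0xC02F, 0xC030, 0xCCA8, 0x009E, 0x009F, 0xCCAA}
EOL = {0xC027, 0xC013, 0xC028, 0xC014, 0x0067, 0x006B,
       0x009C, 0x009D, 0x003C, 0x003D, 0x002F, 0x0035}


def classify(suite_id: int) -> str:
    """Map a suite ID to 'supported', 'eol' or 'unlisted' per the table."""
    code = suite_id & 0xFFFF  # OpenSSL reports 0x0300xxxx; keep the IANA 16 bits
    if code in SUPPORTED:
        return "supported"
    if code in EOL:
        return "eol"
    return "unlisted"  # e.g. ECDSA suites, which the table does not mention


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Group the suites a client context would offer by their table status."""
    report = {"supported": [], "eol": [], "unlisted": []}
    for cipher in ctx.get_ciphers():
        report[classify(cipher["id"])].append(cipher["name"])
    return report


def restricted_client_context() -> ssl.SSLContext:
    """Client context limited to TLS 1.2+ and the non-EOL TLS 1.2 suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL names for 0xc02f, 0xc030, 0xcca8, 0x9e, 0x9f, 0xccaa.
    # TLS 1.3 suites are configured separately by OpenSSL and stay enabled.
    ctx.set_ciphers(
        "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
        "ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:"
        "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"
    )
    return ctx


if __name__ == "__main__":
    for label, ctx in (("default", ssl.create_default_context()),
                       ("restricted", restricted_client_context())):
        report = audit_context(ctx)
        print(label, {status: len(names) for status, names in report.items()})
        for name in report["eol"]:
            print("  EOL suite still offered:", name)
```

A client that reports no entries under "supported" cannot connect after the cutoff and needs the upgrade or proxy described above.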