Tenable will disable the following weak ciphers on, or after, March 10, 2025. This change applies to all sensors connecting to *.cloud.tenable.com, APIs, and users accessing the user interface through a supported browser. This change is to improve security across the Tenable Platform and should be seamless to end users. Please visit the links below to ensure the latest sensor versions are deployed.

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_256_GCM_SHA384
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_RSA_WITH_AES_256_CBC_SHA256

The following ciphers are still supported. In the future, this list will continue to change as technology improves.

TLS v1.2:

• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
• TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
• TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A

TLS v1.3:

• TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
• TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
• TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A

To ensure connectivity, please upgrade all Tenable products to their latest version per the following:

https://docs.tenable.com/PDFs/product-lifecycle-management/tenable-software-release-lifecycle-matrix.pdf

For an optimal experience and to connect with the minimal cipher suite, use the following systems requirements page as a guide:

https://docs.tenable.com/general-requirements/Content/IOSystemRequirements.htm