Coupa is focused on ensuring that the highest level of security is maintained. At Coupa, we use secure TLS protocols with a selection of cipher suites to handle all our connections. Some ciphers that use RSA for Key Exchange are no longer recommended by SSL/TLS experts as they are now deemed too weak and will be removed from our infrastructure.
What work will be done?
The following weak ciphers will be removed as part of this rollout:
For a list of supported ciphers, see Coupa Cipher Suites.
When will the change take place?
- March 4, 2022 for sandbox
- March 18, 2022 for production
What actions do you need to take?
If you only use cipher suites from the above weak ciphers list, you will need to add/enable support for ECDHE and ECDH ciphers otherwise it will result in refused connections and failed integrations. Confirm with your vendors the steps to add/enable support for ECDHE and ECDH Key Exchange ciphers to ensure the secure connections now required by Coupa.
If you currently support ECDHE, ECDH and RSA ciphers, verify with your System Administrators if you still need to support RSA Key Exchange ciphers for any other connection. If no longer required follow your vendors’ recommendations to remove support for RSA ciphers.
For more information, please contact Coupa Customer Support via the Coupa Support Portal at https://support.coupa.com. There you can access knowledge articles, and your organization's Designated Support Contacts can submit and track support cases.