Skip to main content



Coupa Success Portal

Deprecating Old Cipher Suites for Secure SSL Handshake


On 24th July 2019, Coupa implemented a change to the staging deployment with enhanced security measures in TLS ciphers that affected customers’ integrations. The change was rolled back as soon as Coupa was notified of the issue restoring functionality.

Coupa is focused on ensuring that the highest level of security is maintained. At Coupa, we use secure TLS protocols with a selection of cipher suites to handle all our connections. Some ciphers that use RSA for Key Exchange are no longer recommended by SSL/TLS experts as they are now deemed too weak and will be removed from our infrastructure.

What work will be done?

Below weak ciphers will be removed as part of this rollout:

  • AES128-SHA
  • AES128-GCM-SHA256
  • AES128-SHA256
  • AES256-GCM-SHA384
  • AES256-SHA256
  • AES256-SHA

When will the change take place?

  • The changes are planned for the first quarter of 2020 by March 31st, 2020.

What actions do you need to take?

If you only use RSA Key Exchange cipher suites you will need to add/enable support for ECDHE and ECDH ciphers otherwise it will result in refused connections and failed integrations. Confirm with your vendors the steps to add/enable support for ECDHE and ECDH Key Exchange ciphers to ensure the secure connections now required by Coupa.

If you currently support ECDHE, ECDH and RSA ciphers, verify with your Sys Admins if you still need to support RSA Key Exchange ciphers for any other connection. If no longer required follow your vendors’ recommendations to remove support for RSA ciphers.

Please contact us directly with any questions and/or concerns at or 1.800.385.7830. We are always available to ensure your success.

  • Was this article helpful?