Your data. Anywhere you go.

New Relic for iOS or Android

Download on the App Store    Android App on Google play

New Relic Insights App for iOS

Download on the App Store

Learn more

Close icon

Deprecation of 3DES Cipher Support on August 27th



… after a test of the deprecation on August 20th.

What is 3DES?

Triple DES (3DES) is a formerly popular encryption cipher that is no longer considered secure, and is considered by NIST to have only 80 bits of effective security when encrypting more than 8 MB of data. As 112 bits of security is now considered a bare-minimum, NIST and compliance frameworks such as the Payment Card Industry Data Security Standard (PCI DSS) consider the continued use of 3DES unacceptable.

Does New Relic use 3DES?

Currently, all New Relic systems prefer to use the industry-standard AES-GCM cipher if supported by the client, but fall back to AES-CBC if necessary. Two systems— and— continue to fall back to 3DES if that is the only cipher supported by the client.

What is changing?

From 22:00 UTC on August 20th, 2019 to 22:00 UTC on August 21st, 2019, we will test a change where those two systems— and—will no longer fall back to use the 3DES cipher. All connections to these systems during that time using the 3DES cipher will fail. One week later, at 22:00 UTC on August 27th, we will implement this change permanently.

Qualys SSL Labs shows our current configuration for these domains here. After July 27th, our configuration for these domains should instead look like this.

How do I tell if I’m affected?

Only about 0.0025% (or about one in forty thousand) of all TLS connections to these systems are made using the 3DES cipher. The replacement for 3DES, the Advanced Encryption Standard (AES), was introduced in 2001, meaning that any clients still using 3DES are likely to be quite old. We believe some of the most common affected client systems are Windows Server 2003 (pre-SP2) and Windows XP. Client systems using OpenSSL prior to version 0.9.7—first released in 2002—may also be affected.

In addition, any client system that fails to connect to or during the test window from August 20th-21st may be affected.

Any affected systems should be updated to a more recent operating system and/or cryptographic library in order to continue connecting to New Relic. We believe that the security of customer data is important, and we can best serve our customers by encouraging the use of modern encryption.

Please let us know if you have questions or concerns about this change!


This change has been made; New Relic now rejects the use of the 3DES cipher across our entire infrastructure.

If you are experiencing connection issues (that also occurred during the test window), you may need to upgrade your system to support the AES cipher.

Thank you for your patience and cooperation as we work to ensure that all of our customer data is protected using strong encryption standards.

closed #3