Dear Partner,
As part of our ongoing security enhancements, we will be updating our Application Load Balancer (ALB) SSL policy in production on 4 May 2026.
This update will remove support for older TLS 1.2 ECDHE CBC-mode cipher suites:
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
These cipher suites are being deprecated to align with current security best practices and industry standards.
Based on our traffic observations over the past two months, we do not see any partners actively using these cipher suites, and we do not expect any service disruption. However, we recommend that you verify your system configuration on your end as a precaution.
Action required:
- Ensure that your systems support modern, secure cipher suites (e.g. AES-GCM based ciphers). This can be verified via successfully connecting to our staging environment.
- If your application in staging is using the same TLS cipher suites as production, a successful TLS handshake will indicate that your application is compatible with Singpass' latest supported SSL policy.
- If your system is currently using any of the above cipher suites, please update your TLS configuration accordingly
We recommend performing the necessary checks ahead of the update to ensure continued connectivity.
If you have any questions or require assistance, please reach out via our helpdesk:
https://partnersupport.singpass.gov.sg/hc/en-sg
Thank you.
Kind regards,
Singpass Partner Experience
Comments
0 comments
Please sign in to leave a comment.