Skip to main content

Data-in-transit encryption

Suggest edit Updated on June 2, 2022

Pega Cloud maintains policies to implement data-in-transit encryption for Pega Cloud sandbox and production environments. Using data-in-transit encryption Pega Cloud ensures network connections meet the highest industry standards and helps your application comply with your enterprise security requirements

Pega Cloud encrypts the following network connections:

  • Internal connections in the service, such as service-to-service and node-to-node connections.
  • External connections to the service, such as Pega environment-to-client data connections.

Required client reviews following infrastructure updates

As the Pega Cloud service evolves, Pega updates this page to show the most recent protocol and cipher support changes and protocols or ciphers that your service no longer supports. After Pega security-policy or infrastructure-update communications that include security protocol or cipher support changes, the Pega Cloud servers negotiate from this list of ciphers in order of preference. To support this change, review and make certain that any of your clients (such as a Web browser) that interact with Pega services support the updated list.

Pega provides this information as soon as possible so your environment security administrators and network administrators can prepare for upcoming changes.

Latest supported protocols and cipher suites for data-in-transit

The following table lists the ciphers that clients can and cannot use for their data-in-transit connections.

Supported TLS encryption settings following your next Pega Cloud infrastructure update

Supported TLS encryption protocols and cipher suites effective September 2021
Protocol-TLSv1.2

Ciphers:

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-AES256-GCM-SHA384

TLS encryption settings no longer supported following your next Pega Cloud infrastructure update

Unsupported TLS encryption cipher suites effective September 2021

Ciphers:

ECDHE-ECDSA-AES128-SHA256

ECDHE-RSA-AES128-SHA256

ECDHE-ECDSA-AES128-SHA

ECDHE-RSA-AES128-SHA

ECDHE-ECDSA-AES256-SHA384

ECDHE-RSA-AES256-SHA384

ECDHE-RSA-AES256-SHA

ECDHE-ECDSA-AES256-SHA

Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us