An icon of a right arrow Back

REST API | Dec. 02, 2024

Upcoming Certificate Rotation and Ciphersuite List Update for All Twilio REST API Endpoints

Starting March 3, 2025, Twilio will rotate the end-user certificate and will update the list of supported cipher suites in all Twilio REST APIs. 

End-user Certificate Rotation

Only the end-user certificate will be renewed, as well as the certificate serial number. The root and intermediate certificates will remain the same. Such updates are common practice and do not impact customers that are using Twilio's services unless you are pinning certificates or are managing them manually. Customers using the official Twilio Helper Libraries should not experience any impact as they are designed to handle certificate rotations.

We highly discourage customers from pinning certificates as it exposes them to potential security risks and can cause downtimes for their services. Twilio customers using pinned certificates have a high probability of failed API Requests. These customers are advised to add the new certificates by March 3, 2025. 

Updates on the Cipher List

All our REST API endpoints will only support the cipher suites listed below. Support for any other cipher suite will be removed from that time.

Supported TLSv1.3 ciphers:

  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256

Supported ECDSA ciphers (TLSv1.2):

  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES128-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-ECDSA-AES256-SHA384

Supported RSA ciphers (TLSv1.2):

  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-CHACHA20-POLY1305
  • ECDHE-RSA-AES256-SHA384

Customers are advised to check that their infrastructure supports at least one of these cipher suites. Customers running older operating systems or legacy network software may need to upgrade their systems to be compatible with these changes.

Test your configuration

The new security configuration will be available on the testing domain ( https://tls-test.twilio.com ) on February 3, 2025. 

For more information on how to test the updated cipher list, we advise you to read Monitoring Updates to Twilio REST API Security Settings

Twilio Platform GA

Additional Resources

A newspaper article

Blog

Read more about our latest product updates, product tutorials, and community projects.


Read the blog

Docs

See API reference documentation, quickstarts, SDKs, and multi-language code samples.

Read the docs
User group reactions

Events

Find upcoming events and join us virtually or in person to learn more about our products.


View events