TLS/3DES Deprecation

imgix logo
Team imgix
May 18, 2018
3 minute read

imgix has an ongoing commitment to provide our customers with industry-leading security, so we want to inform you about a change that we will make to the imgix CDN to continue that commitment.

imgix enables you to deliver your images to your users using either HTTP or HTTPS by leveraging the worldwide, high-performance imgix CDN. HTTPS delivery is available with every imgix source, at no additional cost and without additional setup, because we strongly believe that allowing our customers to securely deliver their content is an essential part of the value of the imgix service. To follow the best currently available security practices, we periodically evaluate the imgix CDN’s configuration parameters. During our most recent evaluation, and due to changes to PCI requirements, we will be retiring the availability of older TLS protocols and a legacy encryption cipher for all customers of the imgix CDN.

Effective today, the imgix CDN will no longer support connections utilizing the TLS v1.0 or TLS v1.1 protocols. TLS v1.2 will continue to be supported. Additionally, we will no longer support the 3DES cipher. All other current ciphers will continue to be supported.

This functionality is being retired because it has been deemed no longer suitable for use in securing traffic on the Internet. Virtually all web browsers have already deprecated or removed it, and over the past six months, usage has been extremely low:

  • TLS v1.2 (supported): 99.94%
  • TLS v1.1 (to be retired): 0.06%
  • TLS v1.0 (to be retired): 0.00%
  • All other ciphers (supported): 99.99%
  • 3DES (to be retired): 0.00%

As a result of these findings, we do not expect you to experience significant impact as a result of this change. However, any end user using a browser or device that only supports one of the retired protocols or ciphers will no longer be able to connect to the imgix CDN over HTTPS. There is no change to HTTP connectivity.

We welcome your questions or concerns around this change. Please do not hesitate to write us at