Deprecating CBC cipher suites
- Category
- Security
- Published
Starting January 18, 2027, Clerk will phase out CBC-mode SSL/TLS cipher suites on Clerk-managed subdomains as certificates rotate. Here's what's changing and why.
Beginning January 18, 2027, Clerk will stop supporting CBC-mode SSL/TLS cipher suites on Clerk-managed subdomains, including clerk.example.com (Frontend API) and accounts.example.com (Account Portal). This is a breaking change for clients that can only negotiate a CBC cipher, but most applications will not be affected, since modern clients already negotiate stronger ciphers.
The change rolls out as certificates are renewed. Clerk certificates are valid for 90 days, so every affected subdomain will have moved to the new ciphers within a few months. New applications default to the new configuration starting January 18, 2027.
CBC-mode ciphers have a long history of practical attacks (POODLE, BEAST, and Lucky Thirteen) and have been deprecated by browsers, operating systems, and the broader security community. Modern connections use AEAD cipher suites such as AES-GCM and ChaCha20-Poly1305, which avoid the entire class of padding-related attacks.
Affected cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHATLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHATLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384TLS_ECDHE_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_128_CBC_SHATLS_ECDHE_RSA_WITH_AES_256_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHATLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256TLS_RSA_WITH_AES_128_CBC_SHA256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
After a subdomain rotates, clients that can only negotiate one of these ciphers will fail the TLS handshake with it. Any reasonably modern client (current browsers, mobile operating systems, and server runtimes) already prefers AEAD ciphers and is unaffected.
If you need continued CBC support, contact .