){kind=small}
Announcing SSL Security Enhancements
We've successfully implemented an SSL (Secure Sockets Layer) change to ensure Vonage APIs maintain strong encryption and remain compatible with most modern clients. We're now extending it to other Vonage domains. In this blog post, we'll tell you more about what's changing, who's being affected, and share some tools to validate compatibility in advance.
Before we get to the changes, one example of SSL use is that the communication between you and the service is encrypted, so any personal information, credentials, or content is protected end-to-end.
The SSL/TLS certificate security enhancements across Vonage API Gateway domains include longer, more secure ECDSA (Elliptic Curve Digital Signature Algorithm) certificates (P-256/P-384) alongside the existing RSA-2048 certificates.
This means that both certificate types will be available, and the ALB (Application Load Balancer) will serve the appropriate certificate to clients based on their capabilities.
The change has already been successfully implemented within Vonage, and we are now extending it to all Vonage API domains.
This initiative is part of a broader security and compliance enhancement program aimed at:
Aligning with modern cryptographic standards and best practices.
Improving the security posture and resilience of our platform.
Meeting specific regional compliance requirements (e.g, to comply with the German Technical Guideline BSI-TR-02102-2).
All customers using Vonage APIs over HTTPS will technically be affected, but no action is expected for the vast majority. Let's go through the potential affected environments and how to test the endpoint to validate compatibility.
A very small number of users with outdated or very old systems may have trouble connecting after this update.
Some legacy devices and applications may fail to connect because they do not support modern ECDSA certificates or they do not send SNI (Server Name Indication), which is required for today’s secure connections.
Examples include:
Very old operating systems (e.g., Windows 98 and similar generations).
Outdated Android devices (e.g., Android versions below 4.3).
Early or unpatched Java 6/7 applications with old SSL libraries.
To ensure your customers can connect successfully using the new certificate setup and
to validate compatibility in advance, we've deployed the updated configuration to a test endpoint. The endpoint is not a URL that you can access; it is an endpoint you can configure and request secure access to, and you will get an OK (200).
The described SSL upgrades ensure that Vonage APIs maintain strong encryption and remain compatible with most modern clients. Go ahead and try our test endpoint to see if your application connects without any SSL/TLS issues. If the application connects without SSL/TLS issues, no further action is required. Contact Vonage support if a client update is needed.
Have a question or something to share? Join the conversation on the Vonage Community Slack, stay up to date with the Developer Newsletter, follow us on X (formerly Twitter), subscribe to our YouTube channel for video tutorials, and follow the Vonage Developer page on LinkedIn, a space for developers to learn and connect with the community. Stay connected, share your progress, and keep up with the latest developer news, tips, and events!
