VercelDeprecation Notice
Vercel is removing support for the legacy DHE-RSA-AES256-GCM-SHA384 cipher suite on June 30, 2026. This change affects clients that connect to Vercel-hosted domains using TLS 1.2 with non-standard TLS configurations.
Supported Cipher Suites
After the deprecation date, TLS 1.2 connections will only work with these six cipher suites:
ECDHE-ECDSA-AES128-GCM-SHA256ECDHE-RSA-AES128-GCM-SHA256ECDHE-ECDSA-AES256-GCM-SHA384ECDHE-RSA-AES256-GCM-SHA384ECDHE-ECDSA-CHACHA20-POLY1305ECDHE-RSA-CHACHA20-POLY1305
Impact and Action Items
Modern clients and TLS 1.3 connections are unaffected by this change. However, if you operate integrations, automated systems, or HTTP clients that connect to Vercel-hosted domains over TLS 1.2, you should verify that your TLS implementation supports at least one of the supported cipher suites listed above.
Most modern TLS libraries (OpenSSL, Go, Python, Node.js, etc.) support these ECDHE-based suites by default. Legacy systems using older TLS configurations may need updates to maintain connectivity.