VercelDeprecation Timeline
On June 30th, 2026, Vercel will remove support for the legacy DHE-RSA-AES256-GCM-SHA384 cipher suite from its CDN and network infrastructure. This cipher may still be used by automated systems, security scanners, and HTTP clients with non-standard TLS configurations.
Impact and Supported Ciphers
After this deprecation, TLS 1.2 clients connecting to Vercel-hosted domains must support at least one of these six remaining cipher suites:
ECDHE-ECDSA-AES128-GCM-SHA256ECDHE-RSA-AES128-GCM-SHA256ECDHE-ECDSA-AES256-GCM-SHA384ECDHE-RSA-AES256-GCM-SHA384ECDHE-ECDSA-CHACHA20-POLY1305ECDHE-RSA-CHACHA20-POLY1305
Modern clients and TLS 1.3 connections are unaffected by this change.
Action Items for Users
If you operate integrations or automated systems that connect to domains hosted on Vercel over TLS 1.2, verify that your TLS client supports at least one of the listed cipher suites. Modern TLS libraries support these ciphers by default, so most users will not need to take action.