Starting March 2023, the Twilio REST API will only support connections that use strong cipher suites.
If your environment fails to connect to our test endpoint at https://tls-test.twilio.com, you may need to upgrade your operating system’s security components or network software to be compatible with these changes.
Notice: Twilio projects can only use the following cipher suites to connect to our API:
These are some common error messages that may indicate your system does not support the security changes:
- Server aborted the SSL handshake
- Connection refused
- Handshake failed
- Unable to connect to the remote server
- Connection forcibly closed by the remote host
- Connection timed out
- Null response object (RestSharp .NET client)*
Tip:Be sure your network allows outbound HTTPS traffic to https://tls-test.twilio.com when running the tests. If you can reach https://tls-test.twilio.com from a browser, your network is not blocking traffic.
* For the legacy Twilio C#/.NET Helper Library (4.x and lower), failures return as a null response object when there is a low level exception such as SSL negotiation failure. Use Fiddler or similar HTTP debugging tool to view the underlying exception details.
Components to Check
There are a number of components involved in connecting to our REST API that may need to be upgraded or reconfigured to use strong cipher suites:
- Operating system’s SSL libraries
- Application server security components
- Network proxy
In most cases, you simply need to upgrade your operating system’s SSL libraries to their latest version. In other cases, you need to update the underlying application server components used by your HTTP client or helper library (e.g. cURL PHP).
Note: The Twilio Helper Libraries themselves do not need to be upgraded, but the underlying dependencies that the libraries rely on may need to be updated to a newer version.
In rare cases, you may have a network proxy or firewall that does not support or is not configured correctly for strong cipher suites connections. You’ll need to consult with your network administrator if you suspect that is the issue.
Every environment is different, so we recommend you consult your software package documentation and IT support staff or vendor to thoroughly investigate and upgrade the affected components.
Verifying the Upgrade
Once you’ve made the necessary changes, verify your upgraded system can connect successfully to the same test endpoint on https://tls-test.twilio.com from your production environment, using the same testing procedures.
Our normal REST API endpoint already supports the strong cipher suites, so you can immediately cut over your production traffic once the changes are verified in your environment.
- Monitoring Updates to the Twilio REST API Security Settings
- Frequently Asked Questions: Twilio REST API’s Cipher Suite Security Changes for March 2023
If you need assistance beyond these resources, please contact our Support Team.