All Products
Search

This Product

    Data Management:[Announcement] Database Gateway upgrade

    Document Center

    Data Management:[Announcement] Database Gateway upgrade

    Last Updated:Jul 24, 2025

    Database Gateway is scheduled for an upgrade on August 10, 2025. After the upgrade, gateways in US (Virginia) and US (Silicon Valley) regions will no longer support the insecure encryption algorithm (TLS_RSA_WITH_3DES_EDE_CBC_SHA) that is compatible with the Transport Layer Security (TLS) 1.2 protocol.

    Upgrade time

    August 10, 2025

    Affected regions

    US (Virginia) and US (Silicon Valley).

    Important

    The regions mentioned in this topic indicate the regions where the database gateways are accessed, which are specified when you start the database gateway agent.

    Impacts and solution

    Impacts

    After the upgrade, database gateways that are in the US (Virginia) and US (Silicon Valley) regions and use the TLS_RSA_WITH_3DES_EDE_CBC_SHA encryption algorithm compatible with TLS 1.2 will be no longer available for use.

    Solution

    Make sure that the TLS protocol and encryption algorithm remain available on each of your server on which the database gateway agent is deployed after the upgrade. The following steps provide an example on how to check the availability of the protocol and algorithm and how to upgrade the TLS version on a server running Red Hat Linux:

    1. Log on to the server on which the database gateway agent is deployed.

    2. Run one of the following commands based on the region where the database gateway is accessed:

      • US (Virginia): openssl s_client -connect pub-us-east-1.dg.aliyuncs.com:443 -tls1_2|grep Cipher

      • US (Silicon Valley): openssl s_client -connect pub-us-west-1.dg.aliyuncs.com:443 -tls1_2|grep Cipher

    3. Check the returned result.

      If the result indicates that the TLS version is 1.2 and the TLS_RSA_WITH_3DES_EDE_CBC_SHA algorithm is not used, you do not need to perform any operations after the upgrade. Otherwise, go to the next step.

      Sample result:

      New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256

    4. (Optional) Upgrade the TLS version.

      Note

      If the TLS_RSA_WITH_3DES_EDE_CBC_SHA algorithm is used on your server, make sure that the OpenSSL version is 1.1.1 or later, and the TLS version is 1.3 or later.

      1. Run the sudo yum update openssl -y command to upgrade the OpenSSL version.

      2. Run the openssl version command to check the OpenSSL version after the upgrade.

        If the version is 1.1.1 or later, you can proceed to the next step.

        Sample result:

        OpenSSL 1.1.1k  FIPS 25 Mar 2021

      3. Run one of the following commands based on the region where the database gateway is accessed:

        • US (Virginia): openssl s_client -connect pub-us-east-1.dg.aliyuncs.com:443 -tls1_3|grep Cipher

        • US (Silicon Valley): openssl s_client -connect pub-us-west-1.dg.aliyuncs.com:443 -tls1_3|grep Cipher

      4. Check the returned result.

        If the result indicates that the TLS version is 1.3, the upgrade is successful.

        Sample result:

        New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
    Cipher    : TLS_AES_128_GCM_SHA256