PCI Mandate
Important! As part of implementing the TLS 1.2 PCI Mandate, Sabre has disabled non-compliant security protocols in all environments as of June 30, 2018. Please take note of the following scheduled changes as it relates to disabling weak ciphers in support of the PCI Mandate.
As part of the ongoing effort to keep Sabre systems secure, we are disabling a set of weak cipher suites for all tier 1 TLS connections. When any external application connects to Sabre using Sabre APIs (Sabre Web Services), it uses HTTPS security based on TLS 1.2 with support for the cipher suites listed on the Supported Ciphers page. Some of these cipher suites have known vulnerabilities (3DES' Sweet32, ROBOT) which could be used to access and change the data in route.
Action Required: All application owners using Sabre APIs are asked to validate that their application supports one or more of the preferred cipher suites listed on the Supported Ciphers page.