Past week we saw a major outage in our iDeal and iDIN connectors. We want to apologize for any problems experienced by our customers during this outage, and through this way want to inform our customers about mitigating steps we took to prevent this from reoccurring. We are committed to guarantee a high uptime, as you are used from our platform.
Intro
This problem was caused by an incorrect encryption cypher used by Evidos to communicate with the iDIN and iDeal platform.
iDIN and iDeal notified us about an upcoming change of their accepted encryption cyphers about two months ago. This change was scheduled to take place on the 30th of April. This update would block older cyphers from being used to communicate with the platform. (Cyphers are being used to encrypt and decrypt server-to-server communication)
We put these new cyphers to the test, and from our testing it seemed our servers were compliant with the impending update. These tests were performed early March.
Problem
On the 30th of April 2020 Currence released the preannounced iDIN and iDeal cypher update. We found our servers unable to communicatie with these methods anymore, and displayed an error message to signers. After noticing the issue we’ve created an incident here on status page. Our servers were not fully compliant with the new cypher suite, even though our initial testing proved otherwise.
Fix
We had to urgently deploy new server versions which accepted the new cypher suite, in order for iDIN and iDeal to be operational again as soon as possible. Based on useage and ease of fixing, first iDeal was restored, afterwards iDIN. Both were operational again the same day. A further, more robust and future proof fix was rolled out on Monday the 4th of May.
Mitigation
In order to mitigate these problems in the future, we have updated our servers to newer version accepting more cypher suites. Furthermore, we expanded our logging and testing capabilities to nip similar problems in the bud at an earlier stage. Finally, we are now in the process of retooling our iDIN connector so, if problems arise, we are even more flexible with regards to deploying these connectors on other servers and environments.
This will help us guarantee our high uptime, and keep our customer’s environments operational and responsive in the future.