All protocols, ciphers, and configurations in all components are highly secure by default in SecureLogin 8.7 and later. If your SecureLogin deployment is configured with less secure settings, upgrading it to more secure settings and then downgrading it back is not supported. The following are a few example scenarios.
Downgrading the SSO data from AES to 3DES is not supported. When the SSO data is encrypted using AES, downgrading it to 3DES might lead to data loss.
From SecureLogin 8.7, SHA1 is replaced with SHA256 as the default hashing algorithm. SHA256 is more secure and trustworthy. The migration from SHA1 to SHA256 is seamless and is available only if you were already using the default AES encryption.
IMPORTANT: If you are using 3DES encryption, upgrading to SecureLogin 8.7 does not migrate the single sign-on data to SHA256. The data continues to use SHA1.
After you install SecureLogin 8.7, which includes SHA256, you cannot downgrade to an earlier SecureLogin version that includes SHA1. If you downgrade from SecureLogin 8.7 to a previous version, SecureLogin stops working. This issue occurs because earlier versions of SecureLogin can process only SHA1; they cannot process single sign-on data that uses SHA256.