M-A040126-01 Public Website Cipher Security Hardening (MIS.ERCOT.COM, MISAPI.ERCOT.COM, API.WAN.ERCOT.COM)
NOTICE DATE: April 1, 2026
NOTICE TYPE: M-A040126-01 Operations
SHORT DESCRIPTION: Public Website Cipher Security Hardening (MIS.ERCOT.COM, MISAPI.ERCOT.COM, API.WAN.ERCOT.COM)
INTENDED AUDIENCE: Market Participant personnel that administer programmatic access to ERCOT's PROD, MOTE, and RMTE External Web Services
DAYS AFFECTED: April 29-30, May 27-28
LONG DESCRIPTION: ERCOT is taking the first of many steps to mitigate potential security threats to ERCOT's public-facing websites. This round of changes is specifically addressing security concerns cipher suites supported in TLS1.2 communication.
ERCOT will be restricting cipher suites used to encrypt communication available for the public-facing websites (MIS.ERCOT.COM, MISAPI.ERCOT.COM, API.WAN.ERCOT.COM) used by Market Participants (MPs).
This affects all Graphical User Interface (GUI) websites as well as all Application Programmatic Interfaces (APIs) connecting to ERCOT for ERCOT's External Web Services (EWS), including submissions and Get List/Report functionality, Network Management System (NMS), and access to the MarkeTrak API.
TESTMIS.ERCOT.COM and MIS.ERCOT.COM were updated with the R3 release. As this site is GUI-based, browsers will have no issues with the reduced TLS1.2 cipher list.
(MOTE/CERT/RMTE APIs) TESTMISAPI.ERCOT.COM and TESTMISAPI.WAN.ERCOT.COM will be updated with the R4 release.
MISAPI.ERCOT.COM and API.WAN.ERCOT.COM will be updated with the R5 release.
MPs have been notified of this upcoming change through discussion in the ERCOT Technology Working Group (TWG).
ACTION REQUIRED: MP personnel that administer programmatic access to ERCOT's production and testing environments will need to ensure that MP systems used in communication with ERCOT External Web Services APIs support the use of strong TLS1.2 ciphers only.
Failure to test configuration changes in MOTE and make the required changes on the MP side prior to the Production change can cause connection errors and will prevent access to ERCOT External Web Services APIs.
ADDITIONAL INFORMATION: ERCOT will communicate future changes including, but not limited to, the addition of TLS1.3 for sites not currently supporting TLS 1.3 later in 2026.
CONTACT: If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at ClientServices@ercot.com.
If you are receiving email from a public ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: http://lists.ercot.com.