Market Notice Details

To: Notice_Operations@lists.ercot.com,Notice_Release_Wholesale@lists.ercot.com,Notice_Release_Retail@lists.ercot.com,Notice_Extracts_Retail@lists.ercot.com,Notice_Extracts_Wholesale@lists.ercot.com,Notice_Outages_Retail@lists.ercot.com,Notice_Outages_Wholesale@lists.ercot.com

Sent: 4/29/26, 12:38 PM

Subject: M-A040126-02 Public Website Cipher Security Hardening (MIS.ERCOT.COM, MISAPI.ERCOT.COM, API.WAN.ERCOT.COM) - REMINDER

NOTICE DATE: April 29, 2026

NOTICE TYPE: M-A040126-02 Operations

SHORT DESCRIPTION: Public Website Cipher Security Hardening (MIS.ERCOT.COM, MISAPI.ERCOT.COM, API.WAN.ERCOT.COM) - REMINDER

INTENDED AUDIENCE: Market Participant personnel that administer programmatic access to ERCOT's PROD, MOTE, and RMTE External Web Services

DAYS AFFECTED: April 30, May 27-28

LONG DESCRIPTION:

ERCOT is taking the first of many steps to mitigate potential security threats to ERCOT's public-facing websites. This round of changes is specifically addressing security concerns cipher suites supported in TLS1.2 communication.

ERCOT will be restricting cipher suites used to encrypt communication available for the public-facing websites (MIS.ERCOT.COM, MISAPI.ERCOT.COM, API.WAN.ERCOT.COM) used by Market Participants (MPs).

This affects all Graphical User Interface (GUI) websites as well as all Application Programmatic Interfaces (APIs) connecting to ERCOT for ERCOT's External Web Services (EWS), including submissions and Get List/Report functionality, Network Management System (NMS), and access to the MarkeTrak API.

TESTMIS.ERCOT.COM and MIS.ERCOT.COM were updated with the R3 release. As this site is GUI-based, browsers will have no issues with the reduced TLS1.2 cipher list.

(MOTE/CERT/RMTE APIs) TESTMISAPI.ERCOT.COM and TESTMISAPI.WAN.ERCOT.COM will be updated with the R4 release (now including TLS1.3 protocol).

MISAPI.ERCOT.COM and API.WAN.ERCOT.COM will be updated with the R5 release (now including TLS1.3 protocol).

MPs have been notified of this upcoming change through discussion in the ERCOT Technology Working Group (TWG).

ACTION REQUIRED: MP personnel that administer programmatic access to ERCOT's production and testing environments will need to ensure that MP systems used in communication with ERCOT External Web Services APIs support the use of strong TLS1.2 or TLS1.3 ciphers only.

Failure to test configuration changes in MOTE and make the required changes on the MP side prior to the Production change can cause connection errors and will prevent access to ERCOT External Web Services APIs.

ADDITIONAL INFORMATION: During internal testing of the upcoming changes, the MAGE software was unable to support the limited cipher list. As a result, ERCOT must include the TLS1.3 protocol and ciphers to the API sites. ERCOT will continue to support the strong TLS1.2 ciphers on all sites for the foreseeable future.

ERCOT will communicate future changes including, but not limited to, the addition of TLS1.3 for sites not currently supporting TLS 1.3 later in 2026.

CONTACT: If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at ClientServices@ercot.com.

If you are receiving email from a public ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: https://lists.ercot.com.