Twilio has been testing additional safeguards and checks around SSL certificate validation to prevent Man-in-the-Middle attacks on HTTPS connections. The change impacts customers who use HTTPS endpoints to receive requests from Twilio, causing HTTP requests to fail if the certificate is self-signed, expired, or mis-matched. The safeguard is enabled by default for all new accounts created after October 2015 and can be enabled or disabled within the "Account Settings" page under "SSL Certificate Validation". To help with debugging failures related to certificate validation, Twilio has introduced three new error codes that will be thrown when certificate validation causes an HTTP request to fail. Customers can validate their endpoint's SSL certificate using a tool from SSL labs and reach out to Twilio's Support Team at `[email protected]` for assistance.